Primary Hub ASP .Net 2.0 web config file information disclosure vulnerability


Article ID: 145217


Updated On:


NIMSOFT PROBES DX Infrastructure Management


Using CA UIM 8.5.1 in my environment. Recent security scan has flagged out the following vulnerabilities on Primary Hub - Service Port 8080.

Have checked the server and found this port 8080 is related to a UIM default web page.
Would like to know how to address this vulnerability.


Release : 8.51/ 9.x

Component : UIM - ADMIN_CONSOLE /sevice_host


On further investigation it was found that the web service was hosted by probe named “service_host” and the vulnerability is referring to its web.config and one of its settings.

If running UIM 8.51 and above version , the service_host probe is deprecated is not required .Can deactivate / delete this probe .

Additional Information