AXA Browser agent cookies "x-apm-brtm-servertime" vulnerability

Article ID: 185425

Products

CA Application Performance Management Agent (APM / Wily / Introscope)
CA Application Performance Management (APM / Wily / Introscope)
INTROSCOPE
DX Application Performance Management
CA Application Experience Analytics SaaS (AXA)

Issue/Introduction

A security vulnerability is reported on the cookies set by the AXA Browser Agent, with the following recommendations:

(a) Mark all cookies used within the application as Secure.

(b) Mark the cookie as HttpOnly.

Environment

AXA 17.3.2
Browser Agent

Resolution

These cookies store only data related to AXA. Nothing related to the actual application data is stored in them.
This is a false positive and shouldn't be of concern.
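One way to confirm this in your own environment, as an added example that is not part of the original article or the product: the script below parses captured Set-Cookie headers, lists cookies missing Secure or HttpOnly, and separates Browser Agent cookies from application cookies. The `x-apm-brtm-` prefix is taken from the cookie name in the title; the digits-only value check and the sample headers are assumptions constructed for illustration.

```python
import re

# Assumption: Browser Agent cookies share the prefix of the cookie named in this article.
AGENT_PREFIX = "x-apm-brtm-"
# Assumption: a telemetry-only value (server time) is digits only.
NUMERIC_VALUE = re.compile(r"\d{1,20}")

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, set of attribute names)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name.strip(), value.strip(), attrs

def triage(headers):
    """Return one finding per cookie that lacks Secure and/or HttpOnly."""
    findings = []
    for header in headers:
        name, value, attrs = parse_set_cookie(header)
        missing = [flag for flag in ("secure", "httponly") if flag not in attrs]
        if not missing:
            continue
        if not name.lower().startswith(AGENT_PREFIX):
            verdict = "application-cookie"   # real finding: fix the flags
        elif NUMERIC_VALUE.fullmatch(value):
            verdict = "agent-telemetry"      # matches the article's description
        else:
            verdict = "agent-review-value"   # value is not plain telemetry: inspect it
        findings.append({"name": name, "missing": missing, "verdict": verdict})
    return findings

# Constructed sample headers, not captured from a real deployment.
SAMPLE = [
    "x-apm-brtm-servertime=1700000000000; Path=/",
    "JSESSIONID=A1B2C3D4E5; Path=/app; HttpOnly",
    "x-apm-brtm-servertime=user%3Dalice; Path=/",
    "prefs=dark; Path=/; Secure; HttpOnly",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Only findings with the verdict `agent-telemetry` match the false-positive description above; the other two verdicts need follow-up.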