ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Catalog document on access vulnerability - popup asking for credentials is considered a security issue

book

Article ID: 198955

calendar_today

Updated On:

Products

CA Service Catalog

Issue/Introduction

Product: CA Service Catalog

Access the url "http://<catalogserver>/usm/documents"

A prompt is presented asking for credentials, possibly an invader to perform brute force methods to gain access to the system.

Cause

Information Security team have reported a security issue on CA Catalog that services are exposed to the Internet
This behavior (a popup asking for credentials) was considered a security issue by security team.
since an invader can use the popup to gain unauthorized access to our environment through brute force techniques

Environment

Release : 17.3

Component : CA SERVICE CATALOG

Resolution


I wanted to inform you that a new defect (DE57634) has been raised for this issue and Engineering team are working on this.

Please be on the lookout for our proactive notifications and release notes which will also provide information about the defect fixes that are released.

Article title: How to register to Broadcom Software Product updates and Critical Alerts

https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=133819