Component : Service Operations Insight (SOI) Manager
Resolution
We can disable the AJP Connector directly, or change its listening address to the localhost to fix this Ghostcat vulnerability.
Here , Mentioned Ghostcat vulnerability is part of NIM server .so please perform same steps for nim server also.
Steps:
(1) Edit \CA\SOI\nimServer\conf\server.xml,find the following line ( is the Tomcat work directory):
(2) Comment out it (or just delete it):
(3) Save the edit, and then restart Tomcat.
Request to please perform the above steps in the customer environment and confirm if this resolves the reported vulnerability. For more details follow below URL