UIM - Clickjacking vulnerability detected on CABI 4.20

Article ID: 199320

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

The security team has detected a vulnerability on my CABI server.
CABI is running on the bundled 4.20 version.

Name: Web Application Potentially Vulnerable to Clickjacking
URL: https://www.tenable.com/plugins/nessus/85582
Plugin output: https://<CABI_URL>/cabijs/login.html

Please advise if there is a solution or patch for this vulnerability.

Environment

Release : 20.1

Component : UIM - CABI

Resolution

Follow the steps below to address this:

Keep a backup of applicationContext-security-web.xml from the CABI server.

Open the applicationContext-security-web.xml file (found in the ..\Nimsoft\probes\service\wasp\webapps\cabijs\WEB-INF folder).

1) Locate the "antiClickJackingEnabled" property in the webAppSecurityFilter bean and set it to true.
Setting this property to true instructs the CABI server to include an X-Frame-Options header in every response.

2) Set antiClickJackingOption to ALLOW-FROM.
</gml_replace>
<gr_replace lines="51-52" cat="clarify" orig="3)In this">
3) Because ALLOW-FROM needs an origin, add one more property alongside it: the key is "antiClickJackingUri"
and the value is the UMP robot address, http(s)://<FQDN or IP of ump-robot>:<port>

3)In this case, you need to add one more property similar to it. Assign key as "antiClickJackingUri"
and value as UMP robot IP(http(s)://<FQDN or IP of ump-robot>:<port>

4) Then, from IM, navigate to Raw Configure of the cabi probe and edit the cabi_url value. Set it to the CABI robot's FQDN, like this:

http(s)://<FQDN-of-cabi-robot>:<port>/cabijs
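As an added illustration of steps 1 to 3 (not part of this article or of the CABI product), the following Python script takes the backup and then applies the three property changes to the webAppSecurityFilter bean. The sample XML is constructed, the bean's class attribute is a placeholder rather than the real class name, and the UMP origin https://ump-robot.example.net:443 is assumed; the real file contains many more beans, which the script leaves untouched.

```python
import shutil
import sys
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Spring beans namespace used by applicationContext-security-web.xml
SPRING_NS = "http://www.springframework.org/schema/beans"
BEAN_TAG = f"{{{SPRING_NS}}}bean"
PROP_TAG = f"{{{SPRING_NS}}}property"

# Constructed sample of the relevant bean. The class attribute is a PLACEHOLDER,
# not the real CABI class; the real file holds many more beans.
SAMPLE_XML = f"""<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="{SPRING_NS}">
  <bean id="webAppSecurityFilter" class="PLACEHOLDER.WebAppSecurityFilter">
    <property name="antiClickJackingEnabled" value="false"/>
    <property name="antiClickJackingOption" value="SAMEORIGIN"/>
  </bean>
</beans>
"""

# Assumed UMP robot origin (constructed example value)
UMP_ORIGIN = "https://ump-robot.example.net:443"


def _check_origin(uri):
    """antiClickJackingUri must be of the form http(s)://<host>:<port>, with no path."""
    u = urlparse(uri)
    if u.scheme not in ("http", "https") or not u.netloc or u.path not in ("", "/"):
        raise ValueError(f"antiClickJackingUri must be http(s)://<host>:<port>, got {uri!r}")


def _find_bean(root, bean_id):
    for bean in root.iter(BEAN_TAG):
        if bean.get("id") == bean_id:
            return bean
    raise ValueError(f"bean {bean_id!r} not found")


def set_property(bean, name, value):
    """Set <property name=... value=.../> on the bean, adding the element if it is missing."""
    for prop in bean.findall(PROP_TAG):
        if prop.get("name") == name:
            prop.set("value", value)
            return prop
    return ET.SubElement(bean, PROP_TAG, name=name, value=value)


def harden_clickjacking(xml_text, ump_uri):
    """Apply steps 1-3: enable the filter, choose ALLOW-FROM, and name the UMP origin."""
    _check_origin(ump_uri)
    root = ET.fromstring(xml_text)
    bean = _find_bean(root, "webAppSecurityFilter")
    set_property(bean, "antiClickJackingEnabled", "true")   # step 1
    set_property(bean, "antiClickJackingOption", "ALLOW-FROM")  # step 2
    set_property(bean, "antiClickJackingUri", ump_uri)       # step 3
    ET.register_namespace("", SPRING_NS)  # keep the default namespace unprefixed on output
    return ET.tostring(root, encoding="unicode")


def bean_properties(xml_text):
    """Return the webAppSecurityFilter properties as a dict, for checking the result."""
    root = ET.fromstring(xml_text)
    bean = _find_bean(root, "webAppSecurityFilter")
    return {p.get("name"): p.get("value") for p in bean.findall(PROP_TAG)}


def harden_file(path, ump_uri):
    """Step 0 (backup copy next to the file) followed by steps 1-3, written in place."""
    shutil.copy2(path, path + ".bak")
    with open(path, encoding="utf-8") as f:
        original = f.read()
    updated = harden_clickjacking(original, ump_uri)
    with open(path, "w", encoding="utf-8") as f:
        f.write(updated)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        harden_file(sys.argv[1], sys.argv[2])  # python script.py <path-to-xml> <ump-origin>
    else:
        print(harden_clickjacking(SAMPLE_XML, UMP_ORIGIN))
```

Run it with the path to the real file and the UMP origin as arguments; without arguments it prints the transformed sample so the resulting bean can be compared with the file before editing it.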

Then restart both the CABI and UMP robots.

Access UMP using its FQDN as well.

Check whether the summary page loads.
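To confirm the change from outside the browser, here is an added Python check (not part of this article) that classifies the X-Frame-Options header of a response from the CABI login page: absent, DENY/SAMEORIGIN (protected, but UMP can no longer embed the dashboards), or ALLOW-FROM with the UMP origin. The sample responses and the UMP origin https://ump-robot.example.net:443 are constructed; passing the real https://<CABI_URL>/cabijs/login.html address as an argument queries a live server.

```python
import sys
import urllib.request
from urllib.parse import urlparse

# Assumed UMP robot origin (constructed example value)
UMP_ORIGIN = "https://ump-robot.example.net:443"

# Constructed response headers, before and after the change
SAMPLE_RESPONSES = {
    "before fix": {"Content-Type": "text/html"},
    "after fix": {"Content-Type": "text/html",
                  "X-Frame-Options": "ALLOW-FROM https://ump-robot.example.net:443"},
    "sameorigin": {"Content-Type": "text/html", "X-Frame-Options": "SAMEORIGIN"},
    "wrong origin": {"X-Frame-Options": "ALLOW-FROM https://other.example.net:443"},
}


def _origin(uri):
    """Normalise to (scheme, host:port) so that case and trailing slashes do not matter."""
    u = urlparse(uri.strip())
    return (u.scheme.lower(), u.netloc.lower())


def assess_frame_options(headers, expected_uri):
    """Return (protected, ump_can_embed, reason) for one HTTP response.

    headers: mapping of header name -> value (looked up case-insensitively).
    expected_uri: the antiClickJackingUri value, i.e. the UMP origin that may embed CABI.
    """
    lookup = {k.lower(): v for k, v in headers.items()}
    xfo = lookup.get("x-frame-options")
    if xfo is None:
        return False, True, "no X-Frame-Options header: any origin can frame the page"
    parts = xfo.strip().split(None, 1)
    directive = parts[0].upper()
    if directive in ("DENY", "SAMEORIGIN"):
        return True, False, f"{directive}: other origins, including UMP, cannot frame the page"
    if directive == "ALLOW-FROM":
        if len(parts) < 2:
            return False, True, "ALLOW-FROM without a URI is invalid and browsers ignore it"
        allowed = parts[1]
        if _origin(allowed) == _origin(expected_uri):
            return True, True, f"ALLOW-FROM {allowed.strip()}: only the UMP origin may frame the page"
        return True, False, f"ALLOW-FROM {allowed.strip()} does not match the expected UMP origin"
    return False, True, f"unrecognised X-Frame-Options value {xfo!r}; browsers ignore it"


def fetch_headers(url, timeout=10):
    """Fetch the response headers of a live page (only used when a URL is given)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return dict(resp.headers.items())


def report(headers, expected_uri=UMP_ORIGIN):
    protected, embeddable, reason = assess_frame_options(headers, expected_uri)
    return f"protected={protected} ump_can_embed={embeddable}: {reason}"


if __name__ == "__main__":
    if len(sys.argv) >= 2:
        # python check.py https://<CABI_URL>/cabijs/login.html [ump-origin]
        expected = sys.argv[2] if len(sys.argv) > 2 else UMP_ORIGIN
        print(report(fetch_headers(sys.argv[1]), expected))
    else:
        for label, hdrs in SAMPLE_RESPONSES.items():
            print(f"{label:>13}: {report(hdrs)}")
```

One caveat when reading the result: ALLOW-FROM is a legacy directive that Chromium-based browsers never implemented and that current Firefox no longer honours; such browsers treat the header as invalid and apply no framing restriction at all, which is why the Chrome-specific notes below still matter after this change. Scanners such as the Nessus plugin cited above only check that the header is present.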

Additional Information

Loading the summary dashboards in UMP may also require the following setting in Chrome:

1. In your browser session, navigate to chrome://flags

2. Set "SameSite by default cookies" from 'Default' to 'Disabled'.

CABI Summary dashboard does not work in Chrome (UIM 9.20)
Article Id: 186993

https://knowledge.broadcom.com/external/article?articleId=186993
