
CA UIM 20.3 details on vulnerabilities listed in Release notes


Article ID: 201228


Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

In the CA UIM 20.3 release notes, the "What's new" section lists the following remediated vulnerabilities under "Addressing Admin Console and Operator Console Vulnerabilities":
- 3.1.2 RED-14-007635-002: Information disclosure through detailed error messages
- 3.1.3 RED-14-007635-003: Insecure Content Security Policy configuration
- 3.1.4 RED-14-007635-004: Version information disclosure

What exactly are these vulnerabilities about?

Environment

Release : 20.3

Component : UIM - INSTALL

Resolution

These vulnerabilities are some of the CSP vulnerabilities listed here:

https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP