Vulnerability on CAPM DC - SSH weaknesses exposed



Article ID: 204850




CA Infrastructure Management CA Performance Management - Usage and Administration DX NetOps


An internal security scan reveals the following security vulnerabilities, which need to be remediated.

Please let me know how to fix these vulnerabilities.



Release : 20.2

Component : IM Polling


The karaf daemon runs an SSH server.

The only time it would be used is if support needed to SSH into karaf to check on running bundles while troubleshooting an issue.


There are 2 possible solutions for this issue.

1. Port 8601 should be firewalled to be only locally accessible. 

2. rm -f /opt/[IMDataAggregator|IMDataCollector]/apache-karaf-2.4.3/etc/host.key

  edit /opt/[IMDataAggregator|IMDataCollector]/apache-karaf-2.4.3/etc/

  uncomment keySize line and set keySize to 4096

  uncomment algorithm line and set algorithm to RSA

  Restart the DC. These steps can also be used for the DA if needed.
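
To confirm solution 2 took effect after the restart, the following added example (not part of the original article and not Broadcom code) checks the edited file and the host key that port 8601 actually serves. It assumes the settings are Java-properties style `key = value` lines, that OpenSSH's `ssh-keyscan` and `ssh-keygen` are installed on the DC host, and that you pass the path of the file you edited as the first argument, since the article does not give its name.

```shell
#!/bin/sh
# Added example: post-change checks for the karaf SSH host key remediation.
# Function names are hypothetical; sample inputs used to test them are constructed.

# cfg_value FILE KEY: print the value of an uncommented "KEY = value" line.
# Prints nothing while the line is still commented out with '#'.
cfg_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# check_cfg FILE: succeed only if keySize is 4096 and algorithm is RSA,
# the two values the article asks for.
check_cfg() {
    [ "$(cfg_value "$1" keySize)" = "4096" ] && [ "$(cfg_value "$1" algorithm)" = "RSA" ]
}

# check_fingerprint LINE: LINE is one line of `ssh-keygen -l` output,
# "<bits> <fingerprint> <comment> (<TYPE>)". Succeed only for RSA of 4096+ bits.
check_fingerprint() {
    bits=${1%% *}
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac   # first field must be a number
    case "$1" in *"(RSA)") ;; *) return 1 ;; esac   # key type must be RSA
    [ "$bits" -ge 4096 ]
}

# Usage: sh check_karaf_ssh.sh <edited config file> [host]
# Run on the DC itself: with solution 1 in place, port 8601 is local only.
if [ "$#" -ge 1 ]; then
    if check_cfg "$1"; then
        echo "config: keySize=4096, algorithm=RSA"
    else
        echo "config: keySize/algorithm not set as required"
    fi
    # Fetch the host key the karaf SSH server presents and fingerprint it.
    ssh-keyscan -p 8601 "${2:-localhost}" 2>/dev/null | ssh-keygen -lf - |
    while IFS= read -r line; do
        if check_fingerprint "$line"; then
            echo "served key OK:   $line"
        else
            echo "served key WEAK: $line"
        fi
    done
fi
```

If the scan returns no key lines at all, the local OpenSSH client may not accept the key type the server is still offering, which also means the old key has not been replaced.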

Additional Information

Broadcom plans to update to a newer version of karaf in a future build, which may offer more flexibility for adding custom headers.

12.2020 - There is no ETA for completion of this work.