Offline Developer Portal vulnerabilities detected

Article ID: 206720

Products

CA API Developer Portal

Issue/Introduction

We have installed and configured Layer 7 Developer Portal 4.5 in our environment. As per InfoSec guidelines, the Layer 7 Developer Portal was scanned with the Rapid7 tool.

After scanning, more than 300 vulnerabilities were found on the Layer 7 Developer Portal, and we need to fix those ASAP to move it into production.

We request that you kindly provide the fix for those vulnerabilities.

Environment

Release : 4.5

Component : API PORTAL

Resolution

We do not currently have any mechanism to perform an offline platform update.

- The Portal 4.5 CentOS image is just a starting point (use yum to update it as needed); it is not an appliance like the Gateway form factor.

- The Gateway virtual appliance form factor is updated by using patches because it is a hardened image (yum is not available for customer use).

The options you can look at are:

1) Download, load and install the RPMs manually (quickest solution, but not practical long term)
2) Set up a local yum repository (may take more time to set up, but a better long-term solution)
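
One way to carry out option 2, as an added example (not Broadcom's own procedure or code). It assumes a CentOS 7 base image with the stock `updates` repo id, and uses hypothetical names for the repo directory and local repo id; `reposync` and `createrepo` come from the yum-utils and createrepo packages.

```shell
#!/bin/sh
# Added example: offline patching through a local yum repository.
# Assumptions (not from the article): CentOS 7 image, the paths and repo id below.
REPO_DIR="${REPO_DIR:-/opt/localrepo}"   # hypothetical repo location
REPO_ID="${REPO_ID:-local-updates}"      # hypothetical repo id
GPG_KEY="${GPG_KEY:-/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7}"  # CentOS 7 key path

# Step 1, on a connected staging host running the same OS release:
# mirror the newest packages from "updates", dropping any that fail the
# signature check, then build repo metadata. Copy $REPO_DIR to the portal host.
stage_updates() {
    reposync --repoid=updates --download_path="$REPO_DIR" --newest-only --gpgcheck &&
    createrepo "$REPO_DIR/updates"
}

# Step 2: repo definition pointing at the copied directory. gpgcheck stays on so
# packages altered in transit are rejected at install time.
render_repo_file() {  # $1 repo id, $2 repo path, $3 GPG key file
    cat <<EOF
[$1]
name=Offline updates ($1)
baseurl=file://$2
enabled=1
gpgcheck=1
gpgkey=file://$3
EOF
}

# Step 3, on the offline portal host: install the definition and update only
# from the local repo, so yum does not try to reach unreachable mirrors.
apply_updates() {
    render_repo_file "$REPO_ID" "$REPO_DIR/updates" "$GPG_KEY" \
        > "/etc/yum.repos.d/$REPO_ID.repo" &&
    yum clean all &&
    yum --disablerepo='*' --enablerepo="$REPO_ID" update
}

# Nothing runs unless a step is requested: "stage" or "apply".
case "${1:-}" in
    stage) stage_updates ;;
    apply) apply_updates ;;
esac
```

Re-run the vulnerability scan after `apply` to confirm which findings the package updates cleared.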