Offline Developer Portal vulnerabilities detected
search cancel

Offline Developer Portal vulnerabilities detected


Article ID: 206720


Updated On:


CA API Developer Portal


We have installed and configured Layer 7 Developer Portal 4.5 in our environment. As per InfoSec guidelines, Layer 7 Developer Portal was scanned by Rapid7 tool. 

After scanning more than 300+ vulnerabilities are found on Layer 7 Developer portal and we need to fix those asap to move it into production.

Request you to kindly provide the fix for those vulnerabilities.


Release : 4.5

Component : API PORTAL


We do not currently have any mechanism to perform an offline platform update

- Portal 4.5 Centos image is just an starting point (need to use yum to update as needed) this is not an appliance like gateway form factor.

- Gateway virtual appliance form factor is updated by using patches because it is a hardened image (has not yum available to customer use it).

the following options you can look at would be:

1) Download, load and install the RPMs manually (quickest solution, but not practical long term)
2) Setup a local yum repository (may take more time to setup, but better long term solution)