
DX NetOps - CAPM Vulnerability


Article ID: 211231


Updated On:


CA Performance Management - Usage and Administration


Vulnerability: Hashicorp Consul Web UI and API access – Plugin ID: 111351
Severity: High


Port: 8900 / tcp / www

Description :

A remote, unauthenticated attacker may be able to access Consul Web UI and API to gather data, register services and gain remote access.

Solution :

Only allow localhost connections, set up firewall and ACLs.

See Also :

The following JSON formatted data was gathered from Consul Web API:


ACL policy:
ACL support disabled


Release : 3.7

Component : CA Performance Management Predictive Option


In 20.2.8 we added ACL token support to Consul. The DA/proxy upgrade for 20.2.8+ creates an ACL token and stores it in <shareddir>/

The contents of that file must be used when accessing the web UI for consul.


To resolve this, upgrade to 20.2.8+.


NOTE: proxy MUST be upgraded before the 2 DAs.
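
To confirm after the upgrade that the scanner finding is closed, the following added example (not part of the original article or the product) sends one request without a token to Consul on each DA/proxy host and classifies the answer. It assumes plain HTTP on port 8900 and Consul's usual responses on its `/v1/acl/policies` endpoint; host names are passed on the command line.

```python
import sys
import urllib.error
import urllib.request

ACL_PATH = "/v1/acl/policies"  # Consul HTTP API endpoint that needs ACL read rights


def classify(status, body):
    """Map the answer to a token-less request on ACL_PATH to a finding."""
    text = (body or "").lower()
    if status is None:
        return "UNREACHABLE"     # filtered or bound to localhost: nothing exposed
    if "acl support disabled" in text:
        return "ACL_DISABLED"    # the state the scanner reported
    if status == 403:
        return "ACL_ENFORCED"    # request without a token is refused
    if status == 200:
        return "ANONYMOUS_READ"  # ACLs are on, but no token was needed
    return "UNKNOWN"


def probe(host, port=8900, scheme="http", timeout=5):
    """Send one GET without a token; return (status, body) or (None, "")."""
    url = f"{scheme}://{host}:{port}{ACL_PATH}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:   # 4xx/5xx still carries a body
        return err.code, err.read(4096).decode("utf-8", "replace")
    except (urllib.error.URLError, OSError):  # refused, timed out, TLS mismatch
        return None, ""


def main(argv):
    failed = False
    for host in argv[1:]:
        finding = classify(*probe(host))
        print(f"{host}: {finding}")
        failed |= finding not in ("UNREACHABLE", "ACL_ENFORCED")
    return 1 if failed else 0  # non-zero exit if any host still needs attention


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it from a remote machine as well as on the host itself: `UNREACHABLE` from outside and `ACL_ENFORCED` locally match the scanner's recommended state. If the port serves HTTPS, an `UNREACHABLE` result from the default `http` scheme is not conclusive.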

Additional Information