search cancel

Is it possible for security purposes to restrict access to X11 TCP ports (6001 - 6003) which are used by BOXI? Is there a security risk by having these ports open by them accepting connections from anywhere?

book

Article ID: 21298

calendar_today

Updated On:

Products

CA Spectrum

Issue/Introduction



Is it possible for security purposes to restrict access to X11 TCP ports (6001 - 6003) which are used by BOXI? Is there a security risk by having these ports open by them accepting connections from anywhere?

Environment

Spectrum 10.2.x or below integrated with CABI BOXI 4.1 SP3 or below.

Resolution

The X11 TCP ports (6001 - 6003) are not in use by Spectrum Report Manager but are used by BOXI (Business Objects).

BOXI is a 3rd party utility produced by SAP and they have provided the details below:

Xvfb is used by the Crystal Reports portion of the product on UNIX for registry interaction and report rendering. It does not permit external connections into the machine.

If Crystal Reports functionality is not required and Crystal Reports related processes are disabled and shut down, Xvfb is not brought online at all.

This has been the nature of the product since the early days of Crystal Reports on UNIX.