search cancel

JCS version disclosure

book

Article ID: 213446

calendar_today

Updated On:

Products

CA Identity Manager

Issue/Introduction

The customer is using N- MAP" for scanning Identity manager components installed on the server and found the below vulnerabilities.

 

Database: MSSQL server 2012

Version Disclosure

Port 22001 Jetty 7.2.2.v20101205

 

Cause

Ports 22001 and 22002 are open. To verify use the below command

netstat -abn | findstr 22001*

Environment

IDM version: 14.3CP2 on windows server 2012 r2

Resolution

Make sure the customer is using different ports for the JCS connector. we can resolve the vulnerability by disabling the ports.

Steps:

On the installed server

1) Go to the path C:\Program Files (x86)\CA\Identity Manager\Connector Server\jcs\conf\

2)Open the file server_osgi_common.xml

3) Under the  <transportConnectors> section

Comment the first two lines as shown below

 

<transportConnectors>

#<transportConnector name="http" uri="http://0.0.0.0:22001" />

#<transportConnector name="https" uri="https://0.0.0.0:22002" />

<!-- to disable TLSv1.0; comment the line above and uncomment the following line --> <!--

<transportConnector name="https" uri="https://0.0.0.0:22002?transport.enabledProtocols=TLSv1.1,TLSv1.2" /> -->

</transportConnectors> </broker>

4) Now restart the Jcs connector services