Identity Portal - File upload URLs EICAR testing

Article ID: 221710


Products

CA Identity Suite, CA Identity Portal

Issue/Introduction

The pen testing team found that the Identity Portal (14.4) application and/or its users are primarily vulnerable to insecure direct object reference and file upload functionality.

  • The ability to upload files to the web server was identified. File upload functionality is commonly associated with a number of vulnerabilities, including placing other client-executable code into the domain, transmission of viruses and other malware, and the ability to cause a denial of service condition.

Please let me know how I can disable or remove the upload feature or functionality from the Identity Portal 14.4:

/sigma/rest/protected/formServices/file/upload

/sigma/rest/protected/campaigns/<campaignId>/task/<taskId>/attachment/upload

/sigma/rest/protected/campaigns/<campaignId>/spreadsheet/upload

Environment

Release : 14.4

Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)

Resolution

A new sigma.war file was provided by L2 through DE508978.