A security test was performed on DX Operational Intelligence, and some vulnerabilities were found. There are 6 different types of vulnerabilities:
1) High: CORS - Cross Origin Resource Sharing
Impact of the Vulnerability: Information Disclosure, Privilege Escalation
Access From: Internet
User Profile: Anonymous
Findings Category: Web
Cause of Weaknesses: Missing In Application Development
Port number of Findings: 80
Reference Number: CWE-942

2) High: Vulnerable JavaScript Dependency
Impact of the Vulnerability: Privilege Escalation
Access From: Internet
User Profile: Anonymous
Findings Category: Web
Cause of Weaknesses: Use of Vulnerable Plugins
Port number of Findings: 80
Reference Number: CVE-2020-11022

3) Medium: Information Disclosure
Impact of the Vulnerability: Information Disclosure
Access From: Internet
User Profile: Anonymous
Findings Category: Web
Cause of Weaknesses: Missing Configuration in Server
Port number of Findings: 80
Reference Number: CWE-20

4) Medium: Cookie Without HttpOnly Flag Set
Impact of the Vulnerability: Privilege Escalation
Access From: Internet
User Profile: Anonymous
Findings Category: Web
Cause of Weaknesses: Missing In Application Development
Port number of Findings: 80
Reference Number: CWE-1004

5) Medium: Cookie Without HttpOnly Flag Set
Impact of the Vulnerability: Privilege Escalation
Access From: Internet
User Profile: Anonymous
Findings Category: Web
Cause of Weaknesses: Missing In Application Development
Port number of Findings: 80
Reference Number: CWE-1004

6) Medium: Cookie Without Secure Flag Set
Impact of the Vulnerability: Privilege Escalation
Access From: Internet
User Profile: Anonymous
Findings Category: Web
Cause of Weaknesses: Missing In Application Development
Port number of Findings: 8381
Reference Number: CWE-614

We have addressed all of the above security-related issues in the 21.3.x release.
DX Operational Intelligence 20.x
DX Application Performance Management 20.x
DX AXA 20.x
Upgrade to DX Platform 21.3.1