AIOps - 20.2 Vulnerability issues

Article ID: 222226

Updated On:

Products

DX Operational Intelligence
DX Application Performance Management
CA App Experience Analytics

Issue/Introduction

A security test was run against DX Operational Intelligence, and some vulnerabilities were found. There are 6 different types of vulnerabilities:

1) High - CORS (Cross Origin Resource Sharing)
Impact of the Vulnerability: Information Disclosure, Privilege Escalation
Access From: Internet
User Profile: Anonymous
Findings Category: Web
Cause of Weaknesses: Missing In Application Development
Port number of Findings: 80
Reference Number: CWE-942

2) High - Vulnerable JavaScript Dependency
Impact of the Vulnerability: Privilege Escalation
Access From: Internet
User Profile: Anonymous
Findings Category: Web
Cause of Weaknesses: Use of Vulnerable Plugins
Port number of Findings: 80
Reference Number: CVE-2020-11022

3) Medium - Information Disclosure
Impact of the Vulnerability: Information Disclosure
Access From: Internet
User Profile: Anonymous
Findings Category: Web
Cause of Weaknesses: Missing Configuration in Server
Port number of Findings: 80
Reference Number: CWE-20

4) Medium - Cookie Without HttpOnly Flag Set
Impact of the Vulnerability: Privilege Escalation
Access From: Internet
User Profile: Anonymous
Findings Category: Web
Cause of Weaknesses: Missing In Application Development
Port number of Findings: 80
Reference Number: CWE-1004

5) Medium - Cookie Without HttpOnly Flag Set
Impact of the Vulnerability: Privilege Escalation
Access From: Internet
User Profile: Anonymous
Findings Category: Web
Cause of Weaknesses: Missing In Application Development
Port number of Findings: 80
Reference Number: CWE-1004

6) Medium - Cookie Without Secure Flag Set
Impact of the Vulnerability: Privilege Escalation
Access From: Internet
User Profile: Anonymous
Findings Category: Web
Cause of Weaknesses: Missing In Application Development
Port number of Findings: 8381
Reference Number: CWE-614

Cause

We have addressed all of the above security-related issues in the 21.3.x release.

Environment

DX Operational Intelligence 20.x
DX Application Performance Management 20.x
DX AXA 20.x

Resolution

Upgrade to DX Platform 21.3.1.
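
To confirm after the upgrade that the header-level findings listed above (CWE-942, CWE-1004, CWE-614) are gone, response headers can be audited as in the following added example, which is not Broadcom code. The probe origin, cookie names and sample headers are constructed assumptions; the JavaScript dependency and information disclosure findings are not covered by it.

```python
# Added example: audit one HTTP response's headers for the header-level
# findings in this article. All sample data below is constructed.

PROBE_ORIGIN = "https://untrusted.example"  # assumed Origin sent with the check request


def cookie_flags(set_cookie_value):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in set_cookie_value.split(";") if p.strip()]
    if not parts:
        return "", set()
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return name, attrs


def audit_headers(headers, probe_origin=PROBE_ORIGIN):
    """headers: list of (name, value) pairs. Returns sorted (CWE id, detail) tuples."""
    findings = set()
    for name, value in ((n.lower(), v.strip()) for n, v in headers):
        if name == "set-cookie":
            cookie, attrs = cookie_flags(value)
            if "httponly" not in attrs:
                findings.add(("CWE-1004", f"cookie {cookie} lacks HttpOnly"))
            if "secure" not in attrs:
                findings.add(("CWE-614", f"cookie {cookie} lacks Secure"))
        elif name == "access-control-allow-origin":
            # A wildcard, or an echo of an origin that is on no allowlist,
            # lets any site read the response cross-origin.
            if value == "*" or value == probe_origin:
                findings.add(("CWE-942", f"permissive Access-Control-Allow-Origin: {value}"))
    return sorted(findings)


# Constructed sample responses (not captured from a real DX installation).
BEFORE = [
    ("Access-Control-Allow-Origin", "https://untrusted.example"),
    ("Access-Control-Allow-Credentials", "true"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/"),
    ("Set-Cookie", "lang=en; Path=/; HttpOnly"),
]
AFTER = [
    ("Set-Cookie", "SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "lang=en; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_headers(sample) or "no header findings")
```

Run it against headers captured from both port 80 and port 8381, since the findings above were reported on both.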

Additional Information

https://knowledge.broadcom.com/external/article/190815/dx-aiops-troubleshooting-common-issues.html