DX Platform 20.2 - Vulnerabilities

Article ID: 222226

Updated On:

Products

DX Operational Intelligence
DX Application Performance Management
CA App Experience Analytics

Issue/Introduction

A security test was run against DX Operational Intelligence, and some vulnerabilities were found. There are 6 different types of vulnerabilities:

1) High: CORS - Cross Origin Resource Sharing
Impact of the Vulnerability: Information Disclosure, Privilege Escalation
Access From: Internet
User Profile: Anonymous
Findings Category: Web
Cause of Weaknesses: Missing In Application Development
Port number of Findings: 80
Reference Number: CWE-942

2) High: Vulnerable JavaScript Dependency
Impact of the Vulnerability: Privilege Escalation
Access From: Internet
User Profile: Anonymous
Findings Category: Web
Cause of Weaknesses: Use of Vulnerable Plugins
Port number of Findings: 80
Reference Number: CVE-2020-11022

3) Medium: Information Disclosure
Impact of the Vulnerability: Information Disclosure
Access From: Internet
User Profile: Anonymous
Findings Category: Web
Cause of Weaknesses: Missing Configuration in Server
Port number of Findings: 80
Reference Number: CWE-20

4) Medium: Cookie Without HttpOnly Flag Set
Impact of the Vulnerability: Privilege Escalation
Access From: Internet
User Profile: Anonymous
Findings Category: Web
Cause of Weaknesses: Missing In Application Development
Port number of Findings: 80
Reference Number: CWE-1004

5) Medium: Cookie Without HttpOnly Flag Set
Impact of the Vulnerability: Privilege Escalation
Access From: Internet
User Profile: Anonymous
Findings Category: Web
Cause of Weaknesses: Missing In Application Development
Port number of Findings: 80
Reference Number: CWE-1004

6) Medium: Cookie Without Secure Flag Set
Impact of the Vulnerability: Privilege Escalation
Access From: Internet
User Profile: Anonymous
Findings Category: Web
Cause of Weaknesses: Missing In Application Development
Port number of Findings: 8381
Reference Number: CWE-614

Cause

We addressed all security-related updates in our next on-premise release, 21.3.

Environment

DX Operational Intelligence 20.x
DX Application Performance Management 20.x
DX AXA 20.x

Resolution

Upgrade to DX Platform 21.3