AE v12.3.6 HF2 includes a fix for a bug related to the Service Manager
A security issue in the connection between the Automation Engine and the Service Manager has been fixed.
What is the impact of this bug?
Release : 12.3.6
Component : Automation Engine
This problem came to light when a client ran penetration tests on Service Manager 12.3.3 (and 12.2.2) and figured out how the AE authenticates its connection to the Service Manager: it uses an undocumented password parameter with a timestamp value.
A user can do the same directly from the CLI by supplying a timestamp:
UCYBSMCl.exe -c GET_PROCESS_LIST -h XXXXXXX -n XXXXXX -p $((GetDate).ToUniversalTime().ToString("yyyMMdd$([char]0x01)HHmmss"))
So the user can basically authenticate without a password.
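A detection sketch for the CLI invocation shown above, added here as an example (it is not from the vendor or the original article): it scans process-creation command lines for a -p value that parses as date digits, the 0x01 character, then time digits. The event tuples, host names and passwords are constructed, and it is an assumption that the logged command line holds the already-expanded -p value with the raw 0x01 character.

```python
import re
from datetime import datetime

CLI = re.compile(r"ucybsmcl(?:\.exe)?", re.IGNORECASE)
# -p value as produced by the format string on the page: date digits,
# the 0x01 control character, time digits.
TS_ARG = re.compile(r"(?:^|\s)-p\s+\"?(\d{8})\x01(\d{6})\"?(?=\s|$)")

def embedded_timestamp(cmdline):
    """Return the datetime encoded in -p, or None if -p is not a timestamp."""
    if not CLI.search(cmdline):
        return None
    m = TS_ARG.search(cmdline)
    if not m:
        return None
    try:
        return datetime.strptime(m.group(1) + m.group(2), "%Y%m%d%H%M%S")
    except ValueError:  # digits that do not form a real date/time
        return None

def find_timestamp_logins(events):
    """events: iterable of (utc_event_time, host, cmdline) tuples."""
    hits = []
    for when, host, cmdline in events:
        ts = embedded_timestamp(cmdline)
        if ts is not None:
            # Skew is reported, not filtered on: the accepted window is unknown.
            skew = abs((when - ts).total_seconds())
            hits.append({"host": host, "time": when, "skew_seconds": skew})
    return hits

# Constructed sample events (hosts, names and passwords are made up).
SAMPLE_EVENTS = [
    (datetime(2021, 3, 4, 10, 15, 2), "ws-17",
     "UCYBSMCl.exe -c GET_PROCESS_LIST -h aehost01 -n UC4 -p 20210304\x01101500"),
    (datetime(2021, 3, 4, 10, 20, 0), "adm-02",
     'UCYBSMCl.exe -c GET_PROCESS_LIST -h aehost01 -n UC4 -p "S3cret!pw"'),
    (datetime(2021, 3, 4, 10, 21, 0), "ws-17",
     "UCYBSMCl.exe -c GET_PROCESS_LIST -h aehost01 -n UC4 -p 20211340\x01996161"),
    (datetime(2021, 3, 4, 10, 22, 0), "ws-09",
     "notepad.exe -p 20210304\x01102200"),
]

if __name__ == "__main__":
    for hit in find_timestamp_logins(SAMPLE_EVENTS):
        print(hit)
```

Only the first sample event is reported; the others carry a normal password, digits that are not a valid date and time, or a different executable.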
Fixed Versions: 12.2.9 HF2
12.3.7
21.0