We received an application VA assessment on the CAPM application server.
Scanner: Qualys
Ports: 11099 and 1099
| DA | RHEL 7.3 | JMX | JMX Server Allows Clear Text Authentication | 2 | Enable SSL on the JMX server. |
| DC | RHEL 7.3 | JMX | JMX Server Allows Clear Text Authentication | 2 | Enable SSL on the JMX server. |
The product currently uses clear-text authentication on the JMX server; a feature to enable SSL for it is planned.
Release : 21.2
Component : IM Data Aggregator
A feature to fix this vulnerability is already planned.
It is in the Engineering backlog.
There is currently no ETA.
Block ports 1099 (DA/DC) and 11099 (AMQ) via iptables/firewall, and allow only localhost to access them.
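
One way to apply and check the workaround above with iptables, as an added example that is not part of the original article or the product. `jmx_lockdown_rules` and `jmx_port_blocked` are hypothetical helper names, and the sample rule listing is constructed.

```shell
#!/bin/sh
# Added example: limit the JMX ports from the finding to loopback (IPv4 only;
# repeat with ip6tables if the host has IPv6 addresses).
JMX_PORTS="1099 11099"   # 1099 = DA/DC, 11099 = AMQ

# Print the iptables commands. Nothing changes until the output is run as root,
# e.g. `jmx_lockdown_rules | sh`. Rules go to the top of INPUT so they are
# evaluated before any broader ACCEPT rule.
jmx_lockdown_rules() {
    n=1
    for port in $JMX_PORTS; do
        echo "iptables -I INPUT $n -i lo -p tcp --dport $port -j ACCEPT"
        echo "iptables -I INPUT $((n + 1)) -p tcp --dport $port -j DROP"
        n=$((n + 2))
    done
}

# Read `iptables -S INPUT` output on stdin and succeed only if the first rule
# that names the port with --dport and is not limited to `-i lo` is DROP/REJECT.
# Rules that do not name the port (multiport, blanket ACCEPT) are not evaluated.
jmx_port_blocked() {
    awk -v port="$1" '
        $0 ~ ("--dport " port "( |$)") && $0 !~ /-i lo( |$)/ {
            found = 1
            blocked = ($0 ~ /-j (DROP|REJECT)( |$)/)
            exit
        }
        END { exit (found && blocked) ? 0 : 1 }
    '
}

# Constructed sample: 1099 is restricted to loopback, 11099 is still open.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -i lo -p tcp -m tcp --dport 1099 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1099 -j DROP
-A INPUT -p tcp -m tcp --dport 11099 -j ACCEPT'

jmx_lockdown_rules
for port in $JMX_PORTS; do
    if printf '%s\n' "$SAMPLE_RULES" | jmx_port_blocked "$port"; then
        echo "port $port: restricted to loopback"
    else
        echo "port $port: not blocked by a port rule"
    fi
done
```

Rules inserted this way are lost on reboot unless they are saved, and on hosts running firewalld they can be replaced when firewalld reloads.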