By default, all agent components of CA Release Automation expose a web-based JMX console on port 8282.
The username and password are exchanged over an unencrypted connection, and the default credentials are accepted.
To remediate this, TLS encryption must be put in place and the credentials changed from the defaults.
The other alternative is to disable the console on all affected machines. See: https://knowledge.broadcom.com/external/article/29126/how-to-enabledisable-jmx-console-in-ca-r.html.
Can you please provide some guidance on the same?
Release : 6.x
Component : CA RELEASE AUTOMATION CORE
CA Release Automation (CARA) exposes the JMX ports below for the respective components:
Please refer to the KBs mentioned below for more details on JMX and security configuration.
JMX on Agents does not have a TLS configuration and is not used for any administrative task. We therefore recommend disabling it, if needed, as described in the document above.
JMX on the NAC and NES is used for administrative operations on the product, and both support TLS configuration; refer to the document Secure Communications With Signed Certificates (for enabling TLS for JMX, see the JMX section).
For any specific administrative task that requires JMX on an Agent, it can be enabled, used and then disabled again on an ad hoc basis.
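
One way to verify the recommendation above across an agent inventory, as an added example that is not part of the original article or of the product's tooling: it reports which agents still answer on port 8282 (for instance after an ad hoc enablement was never reverted) and whether the listener speaks cleartext HTTP. The host names given on the command line and the three result labels are assumptions of this example; no credentials are sent.

```python
import socket
import sys

JMX_CONSOLE_PORT = 8282  # agent JMX console port named in the article


def probe(host, port=JMX_CONSOLE_PORT, timeout=3.0):
    """Classify host:port as 'closed', 'plaintext-http' or 'open-other'.

    Sends a single unauthenticated HEAD request; no credentials are sent.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:  # refused, unreachable, filtered or timed out
        return "closed"
    reply = b""
    with sock:
        try:
            sock.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            while len(reply) < 5:  # enough bytes to recognise "HTTP/"
                chunk = sock.recv(64)
                if not chunk:
                    break
                reply += chunk
        except OSError:  # reset or read timeout: port is open but not HTTP
            pass
    # A cleartext HTTP status line means the console still answers unencrypted.
    return "plaintext-http" if reply.startswith(b"HTTP/") else "open-other"


def audit(hosts, port=JMX_CONSOLE_PORT, timeout=3.0):
    """Return (results per host, sorted hosts whose port is not closed)."""
    results = {h: probe(h, port, timeout) for h in hosts}
    exposed = sorted(h for h, state in results.items() if state != "closed")
    return results, exposed


if __name__ == "__main__":
    # Usage: python check_agent_jmx.py agent01 agent02 ...  (hypothetical names)
    results, exposed = audit(sys.argv[1:])
    for host, state in results.items():
        print(f"{host}\t{state}")
    sys.exit(1 if exposed else 0)
```

The script exits non-zero when any listed agent still has the port reachable, so it can run as a scheduled compliance check.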