When attempting to invoke the Export function in Service Desk Manager, the following message and prompts presents
Changes were made per the existing documentation Securing CA SDM from Cross-Site Scripting Vulnerabilities. Affected SDM instance is a standalone server with no other SDM Servers involved.
Release : 17.3
Component : SDM - Vulnerability
The NX.env variable NX_LOCAL_SERVLET_SERVER_URL has been configured to use a host name in all caps, but should be lower case.
First, verify if the problem is the setting in the NX_LOCAL_SERVLET_SERVER_URL by setting it with the direct IP address of the target server, ie:
@NX_LOCAL_SERVLET_SERVER_URL=http://###.###.###.###:8080
If the export works with the direct IP address, the problem is with the DNS being unable to resolve the hostname being presented correctly. A common reason is that the DNS is being case sensitive, ie:
@NX_LOCAL_SERVLET_SERVER_URL=http://SDM-SERVER.EXAMPLE.COM:8080
@NX_LOCAL_SERVLET_SERVER_URL=http://sdm-server.example.com:8080
Depending on host and DNS settings, one of the above may work while the other will present the XSS errors.