The Cloud Proxy is being flagged on the HTTPS (8444) and SLS Isengard port (5443)
|TLS ROBOT Vulnerability Detected|
CVE-2017-6168, CVE-2017-17382, CVE-2017-17427, CVE-2017-17428, CVE-2017-12373, CVE-2017-13098, CVE-2017-1000385, CVE-2017-13099, CVE-2016-6883, CVE-2012-5081
The TLS vulnerability is also known as Return of Bleichenbacher's Oracle Threat (ROBOT). ROBOT allows an attacker to obtain the RSA key necessary to decrypt TLS traffic under certain conditions. To detect this, the vulnerable ciphers should be disabled.
Steps for disabling the vulnerable ciphers (https://qualys.secure.force.com/articles/How_To/000002963 )
Release : 21.3
Component : Introscope
Looks like some may be at “apmservices.cloudproxy-126.96.36.199.jar” and those are the ones that flagged. I thought I had upgraded everything to “apmservices.cloudproxy-2022.1.0.25.jar”. I have patched the cloud proxies, waiting on the scan. You can close out the case if you want. If scan comes back with an issue, I will open another case.
Do you have detailed breakout of the fixes in all the 2022 releases? I want to see what changed between apmservices.cloudproxy-2022.1.0.25.jar & apmservices.cloudproxy-2022.3.0.21.tar and if I should grab the latest.
Doc defect submitted DE535149 to provide this going forward.