search cancel

Univiewer conosole jar files modification is possible

book

Article ID: 254525

calendar_today

Updated On:

Products

CA Automic Dollar Universe

Issue/Introduction

During a security Audit test, it was found that the jar files of the Univiewer Console could be modified and recompiled which would allow to change different text fields and display some menus.

It would be preferred that jar files are obfuscated to avoid such modifications.

The question that was asked is if the Security of the tool and different components could be compromised.

Environment

Release : 6.x ad 7.x

Component: Univiewer Console

Resolution

The obfuscation of the jar files will be implemented in the future via the story PMDU-3033

Nevertheless, the Security checks are performed at the UVMS or Nodes Level so it does not matter if a menu/button can be displayed for a user not having permissions to do so, as the ulterior component will have the security on its own database and will refuse the request anyhow.