Vulnerabilities discovered in CA Service Desk Manager

Article ID: 255480

Products

CA Service Desk Manager
CA Service Management - Service Desk Manager

Issue/Introduction

Our security team performed pen testing on CA Service Desk Manager and discovered the following vulnerabilities. What is the best way to address each vulnerability?

1. Missing Security Headers
2. Outdated Software Version in Use
3. Insecure Session Management
4. Information Disclosure

Environment

CA Service Desk Manager 17.3 and 17.4

Resolution

In order to address the vulnerabilities, please see the following.

Vulnerability Title: Missing Security Headers
Broadcom Recommendation: Refer to the SDM documentation: "Add HTTP Headers in CA SDM Options Manager".

Vulnerability Title: Outdated Software Version in Use
Broadcom Recommendation: Ensure that you have CA SDM 17.4 installed with the latest RU patch.

Vulnerability Title: Insecure Session Management
Broadcom Recommendation: By default, the web session timeout is 60 min. This can be reduced as per your requirement. Refer to the document: "How to modify the CA SDM Web Session timeout?"

Vulnerability Title: Information Disclosure
Broadcom Recommendation: Refer to the SDM documentation: "How to Hide Apache Tomcat Version Number from Error Pages in CA Service Desk Manager?"
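After applying the recommendations, a quick way to confirm findings 1 and 4 (and the cookie-flag part of finding 3) are closed is to audit a captured response from the SDM web interface. The following is an added example, not Broadcom's code or SDM tooling; the list of expected headers and the sample response are constructed assumptions to be aligned with your own pen-test report.

```python
import re
from typing import Iterable, Tuple

# Security headers a pen-test report typically expects on every response.
# Assumption for this example; match it to the headers your report lists.
EXPECTED_HEADERS = (
    "strict-transport-security",
    "x-frame-options",
    "x-content-type-options",
    "content-security-policy",
)

# Product/version token such as "Apache Tomcat/9.0.65" or "Apache-Coyote/1.1".
VERSION_RE = re.compile(r"Apache[ -]\w+/\d+(?:\.\d+)*")


def audit_response(headers: Iterable[Tuple[str, str]], body: str = "") -> dict:
    """Check one HTTP response for missing security headers, server/Tomcat
    version disclosure (headers and error-page body) and session cookies
    lacking Secure/HttpOnly. headers are (name, value) pairs so repeated
    Set-Cookie headers survive. Returns finding -> list of details."""
    present, cookies = {}, []
    for name, value in headers:
        (cookies.append(value) if name.lower() == "set-cookie"
         else present.__setitem__(name.lower(), value))

    findings = {"missing_headers": [], "version_disclosure": [], "weak_cookies": []}
    findings["missing_headers"] = [h for h in EXPECTED_HEADERS if h not in present]
    for key in ("server", "x-powered-by"):
        if key in present and VERSION_RE.search(present[key]):
            findings["version_disclosure"].append(f"{key}: {present[key]}")
    for m in VERSION_RE.finditer(body):
        findings["version_disclosure"].append(f"body: {m.group(0)}")
    for c in cookies:
        attrs = {a.strip().split("=")[0].lower() for a in c.split(";")[1:]}
        missing = [f for f in ("secure", "httponly") if f not in attrs]
        if missing:
            findings["weak_cookies"].append(f"{c.split('=')[0]}: missing {', '.join(missing)}")
    return findings


# Constructed sample (not a real capture): a Tomcat-fronted reply before the fixes.
SAMPLE_HEADERS = [
    ("Server", "Apache-Coyote/1.1"),
    ("Content-Type", "text/html;charset=UTF-8"),
    ("Set-Cookie", "JSESSIONID=abc123; Path=/"),
    ("X-Content-Type-Options", "nosniff"),
]
SAMPLE_BODY = "<h3>Apache Tomcat/9.0.65</h3>"
```

Feed it the headers and body of an SDM error page (for example a request for a non-existent URL) before and after the changes; an empty result for every finding shows the recommendations took effect.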