Our security team performed pen testing on CA Service Desk Manager and discovered the following vulnerabilities. What is the best way to address each vulnerability?
1. Missing Security Headers
2. Outdated Software Version in Use
3. Insecure Session Management
4. Information Disclosure
CA Service Desk Manager 17.3 and 17.4
To address the vulnerabilities, see the following.

| Vulnerability Title | Broadcom Recommendations |
| --- | --- |
| Missing Security Headers | Solution: Refer to the SDM documentation: |
| Outdated Software Version in Use | Ensure that you have CA SDM 17.4 installed with the latest RU patch. |
| Insecure Session Management | By default, the session timeout is 60 minutes. This can be reduced as per your requirement. Refer to the document: |
| Information Disclosure | Solution: Refer to the SDM documentation: How to Hide Apache Tomcat Version Number from Error Pages in CA Service Desk Manager? |