[root@xxxxxxxx ~]# curl -I --insecure https://xx.xx.xx.xx/iam/im/index.jsp
HTTP/1.1 302 Found
Date: Sun, 26 Feb 2023 23:26:53 GMT
Server: vApp Web Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: JSESSIONID=uJ75qDd67VUAy6uprN7b4B2aCb_24qyjBdQ4_oJT.iamnode1; path=/iam/im
Via: 1.1 CA_IMAG_VAPP
The web server/application should be configured to not disclose Version number to the user. Error messages for end users should only contain information that is relevant to them and should not reveal any other internal information. This is an information disclosure issue.
Can we remediate this problem?
Release : Virtual Appliance 14.4.x
This is a known issue and has been recorded as DE559493.
As of this article is written, there is available fix for vApp 14.4.1.
Please raise a Support Call ticket and inform about this KB article to get the fix.