DX OI - Vulnerability ssl-cve-2011-3389-beast
search cancel

DX OI - Vulnerability ssl-cve-2011-3389-beast


Article ID: 269936


Updated On:


DX Operational Intelligence DX Application Performance Management


We have received mail from our Security team mentioning ssl-cve-2011-3389-beast vulnerability in DX-OI 



Release : 21.3


This is a false vulnerability issue for Broadcom Products (APM, OI and AXA).
- DX OI and Dashboards endpoints in DX SaaS and we are not vulnerable as we use TLS 1.2 or higher.
This will not be relevant for DX Gateway, DX Platform, DX Installer as it's specifically about communication between user's browser and UIs.
- The APM endpoint (apmgw.dxi-xxx) is also not vulnerable in SaaS.
Suggestion: validate that all your DX ingres/routes with the TLS checker to confirm those are not vulnerable. 

Additional Information