DX OI - Vulnerability ssl-cve-2011-3389-beast
search cancel

DX OI - Vulnerability ssl-cve-2011-3389-beast

book

Article ID: 269936

calendar_today

Updated On:

Products

DX Operational Intelligence DX Application Performance Management

Issue/Introduction

We have received mail from our Security team mentioning ssl-cve-2011-3389-beast vulnerability in DX-OI 

 

Environment

Release : 21.3

Resolution

This is a false vulnerability issue for Broadcom Products (APM, OI and AXA).
 
- DX OI and Dashboards endpoints in DX SaaS and we are not vulnerable as we use TLS 1.2 or higher.
This will not be relevant for DX Gateway, DX Platform, DX Installer as it's specifically about communication between user's browser and UIs.
 
- The APM endpoint (apmgw.dxi-xxx) is also not vulnerable in SaaS.
 
 
Suggestion: validate that all your DX ingres/routes with the TLS checker to confirm those are not vulnerable. 

Additional Information

 

 

Powered by Wolken Software