New Vulnerabilities detected in IDM
1. CWE-538 is exposed via the application server.
Customer Environment : Vapp 14.4.2
Support Environment : Vapp 14.4.2
Support Reproduced? (Y/N): Y
Steps to Reproduce:
1. Open the following URLs in your browser, replacing 192.168.0.1 with the IP address of your Vapp.
These were reproduced on a Vapp 14.4.2 (Support Lab 192.168.0.1):
https://192.168.0.1/node_modules/angular/bower.json
https://192.168.0.1/node_modules/truncate.js/gulpfile.js
https://192.168.0.1/node_modules/truncate.js/package.json
https://192.168.0.1/package.json
Support Analysis: the URLs return package metadata such as the following
{
"name": "virtual-appliance-user-portal",
"version": "1.0.0",
"description": "Symantec Virtual Appliance User Portal Web Application",
"main": "main.js",
"dependencies": {
"angular": "1.8.3",
"truncate.js": "1.1.2"
}
}
{
"name": "angular",
"version": "1.8.3",
"license": "MIT",
"main": "./angular.js",
"ignore": [],
"dependencies": {
}
}
Release : 14.4
Applied hotfix: HF_VA-v2-20231012104835-DE579197.tgz.gpg
After the hotfix is applied, run the tests again; the browser will show a response like
The requested URL was not found on this server.
All of the URLs were tested and every one of them returns HTTP 404 after the HF:
https://192.168.0.1/node_modules/angular/bower.json
https://192.168.0.1/node_modules/truncate.js/gulpfile.js
https://192.168.0.1/node_modules/truncate.js/package.json
https://192.168.0.1/package.json
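The following script is an added example for verifying the hotfix, not Broadcom or Symantec code. It probes the four paths listed above, classifies each response (the metadata file itself served, blocked with 404/403, or a 200 that is something else such as a login page and needs a look), and, for any path still exposed, lists the library names and pinned versions the file reveals, which is the information-disclosure risk behind CWE-538. The fetcher is injectable so the logic can be exercised offline; the real fetcher assumes the vApp presents a self-signed certificate and disables verification for that lab check only.

```python
"""Verify that the IDM vApp no longer serves node_modules / package.json files.
Added example, not the vendor's code; the paths come from the advisory above."""
import json
import ssl
import urllib.error
import urllib.request
from typing import Callable, Dict, Tuple

# Paths the vApp served before the hotfix (taken from the advisory).
EXPOSED_PATHS = [
    "/node_modules/angular/bower.json",
    "/node_modules/truncate.js/gulpfile.js",
    "/node_modules/truncate.js/package.json",
    "/package.json",
]

# A fetcher maps a URL to (HTTP status, response body).
Fetcher = Callable[[str], Tuple[int, str]]


def http_fetch(url: str, timeout: float = 10.0) -> Tuple[int, str]:
    """Real fetcher. Assumption: the vApp uses a self-signed certificate, so
    TLS verification is disabled here for the lab check only."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(url, headers={"User-Agent": "hotfix-verify/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # 404 after the hotfix lands here
        return err.code, err.read().decode("utf-8", "replace")


def classify(status: int, body: str) -> str:
    """'blocked'  : 403/404, the expected state after the hotfix;
       'exposed'  : 200 and the body is package/bower metadata or a gulpfile;
       'review'   : anything else (e.g. 200 with an HTML login page)."""
    if status in (403, 404):
        return "blocked"
    if status != 200:
        return "review"
    text = body.strip()
    if text.startswith("{"):
        try:
            data = json.loads(text)
        except json.JSONDecodeError:
            return "review"
        if isinstance(data, dict) and data.keys() & {"name", "version", "dependencies"}:
            return "exposed"
    if "require('gulp')" in text or 'require("gulp")' in text:
        return "exposed"
    return "review"


def dependency_inventory(body: str) -> Dict[str, str]:
    """What an exposed package.json tells a reader: library name -> pinned version."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return {}
    deps = data.get("dependencies", {}) if isinstance(data, dict) else {}
    return {name: str(ver) for name, ver in deps.items()}


def check_vapp(base_url: str, fetch: Fetcher = http_fetch) -> Dict[str, dict]:
    """Probe every advisory path; return {path: {status, verdict, reveals}}."""
    results = {}
    for path in EXPOSED_PATHS:
        status, body = fetch(base_url.rstrip("/") + path)
        verdict = classify(status, body)
        results[path] = {
            "status": status,
            "verdict": verdict,
            "reveals": dependency_inventory(body) if verdict == "exposed" else {},
        }
    return results


def hotfix_effective(results: Dict[str, dict]) -> bool:
    """True only when every path is blocked, which is the expected post-HF state."""
    return all(r["verdict"] == "blocked" for r in results.values())


if __name__ == "__main__":
    import sys
    base = sys.argv[1] if len(sys.argv) > 1 else "https://192.168.0.1"
    for path, r in check_vapp(base).items():
        print(f"{r['status']:>3} {r['verdict']:<8} {path} {r['reveals'] or ''}")
```

Run it as `python verify_hotfix.py https://<vapp-ip>` before and after applying the HF; a clean result is four `blocked` lines. A `review` verdict is deliberately not counted as fixed, because a 200 that returns the portal's HTML instead of the file usually means a catch-all route is masking the path rather than the server refusing it.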
Please open a support case with Broadcom Support for additional assistance if needed.