Operator Console Security Risk - Missing or insecure "X-Content-Type-Options" header

Article ID: 368108


Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

We have been flagged on DX UIM 20.4x for a security risk:  

Missing or insecure "X-Content-Type-Options" header

We are expecting to see "X-Content-Type-Options: nosniff" in the response headers but it is not present.

Environment

DX UIM 20.4.10 and lower

Resolution

This is resolved in DX UIM 23.4.0 and higher.

This header is returned properly for all OC requests in DX UIM 23.4 and 23.4.1.

This fix has not yet been made available for DX UIM 20.4x, but it will also be resolved in the forthcoming CU11 patch for DX UIM 20.4 (tentative release - late September 2024).
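
To confirm the finding is cleared after upgrading, the response headers can be checked the way a scanner does. The following is an added example, not part of the original article or of DX UIM; the function names and the sample responses are constructed for illustration, and the first-value rule follows the Fetch standard's handling of this header.

```python
# Added example: classify a raw HTTP response header block for the
# "Missing or insecure X-Content-Type-Options" finding.
# All sample responses are constructed, not captured from DX UIM.

def xcto_values(raw_headers):
    """Return every X-Content-Type-Options value, in order, split on commas."""
    values = []
    for line in raw_headers.splitlines()[1:]:   # skip the status line
        if not line.strip():
            break                               # blank line ends the headers
        name, sep, value = line.partition(":")
        # Header names are case-insensitive.
        if sep and name.strip().lower() == "x-content-type-options":
            values.extend(v.strip() for v in value.split(","))
    return values


def classify(raw_headers):
    """Return 'ok', 'missing' or 'insecure' for one response."""
    values = xcto_values(raw_headers)
    if not values:
        return "missing"
    # Browsers honour only the first value, compared case-insensitively,
    # so a later correct duplicate does not repair a wrong first one.
    return "ok" if values[0].lower() == "nosniff" else "insecure"


BASE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
SAMPLES = {
    "fixed":      BASE + "X-Content-Type-Options: nosniff\r\n\r\n",
    "mixed_case": BASE + "x-content-type-options: NoSniff\r\n\r\n",
    "absent":     BASE + "\r\n",
    "wrong_name": BASE + "X-Context-Type-Options: nosniff\r\n\r\n",
    "wrong_value": BASE + "X-Content-Type-Options: no-sniff\r\n\r\n",
    "empty_value": BASE + "X-Content-Type-Options:\r\n\r\n",
    "bad_first":  BASE + "X-Content-Type-Options: no-sniff\r\n"
                         "X-Content-Type-Options: nosniff\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:12} {classify(raw)}")
```

Run it against headers saved from an OC response (for example the output of a HEAD request) by passing the text to `classify`.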