DX UIM 23.4 - CVE(s) / CWE(s) / OWASP A05:2021; CWE-598 GET and POST vulnerabilities

Article ID: 371779

Products

  • DX Unified Infrastructure Management (Nimsoft / UIM)
  • CA Unified Infrastructure Management On-Premise (Nimsoft / UIM)
  • CA Unified Infrastructure Management SaaS (Nimsoft / UIM)

Issue/Introduction

For OC logins, treat GET and POST as separate data sources

Please advise if this vulnerability finding from our security team can be fixed, or if a product enhancement request is needed. The security team requires either a remediation or a statement that this vulnerability cannot be remediated at this time. If remediation is not possible at this time, what is the estimated time needed for remediation?

https://owasp.org/Top10/A05_2021-Security_Misconfiguration/  

https://cwe.mitre.org/data/definitions/598.html 

Environment

  • DX UIM 20.4 CU10 or higher

Resolution

This vulnerability will not be remediated at this time.

A05:2021; CWE-598 will be addressed in DX UIM version 23.4 CU3.
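
What "treat GET and POST as separate data sources" means for a login handler, as an added example that is not Broadcom's code and not taken from DX UIM: the query string and the request body are parsed separately and never merged, so credentials are accepted only from the POST body. The field names `username` and `password` and the function `read_login_credentials` are hypothetical; the article does not name the OC login parameters.

```python
from urllib.parse import parse_qs

# Hypothetical field names; the article does not name the OC login parameters.
SENSITIVE_FIELDS = ("username", "password")


def read_login_credentials(method, query_string, body):
    """Return (http_status, credentials) for a login request.

    query_string is the raw text after '?', body is the raw request body (bytes).
    The two are parsed separately and never merged, so a credential can only
    arrive in the POST body.
    """
    if method.upper() != "POST":
        return 405, None  # login is POST-only

    # Source 1: the URL. Credentials here end up in access logs, browser
    # history and Referer headers (CWE-598), so their presence is an error.
    query = parse_qs(query_string, keep_blank_values=True)
    if any(name in query for name in SENSITIVE_FIELDS):
        return 400, None

    # Source 2: the form-encoded body. Exactly one non-empty value per field.
    try:
        form = parse_qs(body.decode("utf-8"), keep_blank_values=True)
    except UnicodeDecodeError:
        return 400, None
    credentials = {}
    for name in SENSITIVE_FIELDS:
        values = form.get(name, [])
        if len(values) != 1 or not values[0]:
            return 400, None
        credentials[name] = values[0]
    return 200, credentials


if __name__ == "__main__":
    # Constructed sample requests: (method, query string, body)
    samples = [
        ("GET", "username=alice&password=s3cret", b""),
        ("POST", "password=s3cret", b"username=alice"),
        ("POST", "lang=en", b"username=alice&password=s3cret"),
    ]
    for method, qs, body in samples:
        print(method, repr(qs), "->", read_login_credentials(method, qs, body)[0])
```
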