UIM security Vulnerability for CWE-522 found on the OC Server

Article ID: 384296

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

A vulnerability scan reported the 'CWE-522: Insufficiently Protected Credentials' vulnerability as present on the machine that hosts the OC Server.

Environment

UIM 23.4 GA version through CU2

Resolution

The CWE-522 vulnerability does not apply to UIM. UIM does not store user credentials directly. For authentication, UIM uses JSON Web Tokens (JWT), which are stateless and do not involve storing sensitive user information in the system.

Additional Information

CWE-522: Insufficiently Protected Credentials: https://cwe.mitre.org/data/definitions/522.html