APM Command Center Security Vulnerabilities flagged in a security audit.

book

Article ID: 8204

calendar_today

Updated On:

Products

APP PERF MANAGEMENT CA Application Performance Management Agent (APM / Wily / Introscope) CUSTOMER EXPERIENCE MANAGER INTROSCOPE

Issue/Introduction

 A customer failed a security audit because the default webpage for APM Command Center does not have Autocomplete disabled on the password field. 

Cause

 This page is not coded to include this parameter.

Environment

APM Command Center 10.x

Resolution

 A code fix was issued to correct this problem for the customer.  If having this same issue, then open a new Support case @ Support.ca.com and request the fix from Defect DE311699.  Support Engineers will then have to request the fix and provide this file to you. 

The fix is to replace only one file and restart the Enterprise Manager and APM Command Center.

Additional Information

This issue is scheduled be fixed in CA APM 10.7.