Java JMX Agent Insecure Configuration

Version 1
    Share:|

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    Remedy AR System Server


    COMPONENT:

    Remedy AR System Server


    APPLIES TO:

    AR Server 9.1.02 onwards



    PROBLEM:

    Security scans detected a JMX vulnerability, enabling SSL doesn´t work to fix the issue. 





     


    CAUSE:

    Security software reports a "Java JMX Agent Insecure Configuration"


    SOLUTION:

    Apply the latest hotfix for the latest patch.This 
    must include the below defect description:

    "JMX Vulnerability in 9.1.x."

    Versions affected:

    9.1.02 p4 - Hotfix needed: SR_9102P4_20190130_CU_ALL
    SW00555263    JMX Vulnerability in 9.1.x.    01/29/2019

    9.1.03 p1 - Hotfix needed: SR_9103P1_20190207_CU_ALL
    SW00555267    JMX Vulnerability in 9.1.x.    02/06/2019

    9.1.04 p2 - Hotfix needed: SR_9104P2_20190217_CU_ALL
    SW00555268    JMX Vulnerability in 9.1.x.    01/31/2019

    18.05 p5 - Hotfix needed: SR_1805P5_20190204_CU_ALL
    SW00554207    JMX Vulnerability in 9.1.x.    01/07/2019

    18.08 p1  - Hotfix needed: SR_1808P1_20190131_CU_ALL
    SW00555266    JMX Vulnerability in 9.1.x.    01/30/2019


    Article Number:

    000165306


    Article Type:

    Solutions to a Product Problem



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles