DWP Catalog - Security Vulnerability - Java Management Extensions (JMX/RMI) service is detected on the DWP Catalog server

Version 5

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    MyIT Service Broker


    APPLIES TO:

    DWP 18.00, DWP 19.xx



    PROBLEM:

    A security team ran a vulnerability scan on the DWP Catalog server and raised the following security issue:

    "A production system is not recommended to have the JMX/RMI service publicly available. Access to this service should be restricted"

    What can we do to restrict it?
     


    CAUSE:

    DRMY1-19199


    SOLUTION:

    A fix for this issue, com.bmc.arsys.messaging-19.2.0.jar, is available and can be provided for 19.11+. There should not be any side effects from this change, as it was validated on the Remedy side and is considered low risk.

    Details are below:

    DRMY1-19199 - Do not start a new JMX connector for ActiveMQ; instead, let it use the already available JVM JMX connector. This ensures that serverj no longer uses port 1099.

    Deployment Steps
    1. Stop DWP Catalog Server
    2. Move the existing server jar to a safe location:
    mv /opt/bmc/digitalworkplace/lib/start/startlevel7/com.bmc.arsys.messaging-19.2.0.jar <safe_location>/.
    3. Copy the new com.bmc.arsys.messaging-19.2.0.jar to /opt/bmc/digitalworkplace/lib/start/startlevel7/
    4. Delete all files from the bundle-cache directory (/opt/bmc/digitalworkplace/bundle-cache)
    5. Start DWP Catalog Server
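
    After the restart, the claim that serverj no longer uses port 1099 can be checked from the listening-socket table. The script below is an added example, not BMC code; it assumes a Linux host with `ss` available, and the function name and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not BMC code): post-fix check for listeners on port 1099.
# Assumes Linux `ss -ltnH` output, where column 4 is the local address:port.

PORT=1099

# Reads ss-style lines on stdin and prints each listener on $PORT, tagged
# LOOPBACK (127.x or [::1]) or EXPOSED (any other bind address).
# Exit status: 0 = no listener, 1 = loopback only, 2 = at least one exposed.
classify_listeners() {
    awk -v port="$PORT" '
        {
            n = split($4, parts, ":")          # port is the last ":" field
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") {
                print "LOOPBACK " $4
                if (rc < 1) rc = 1
            } else {
                print "EXPOSED " $4
                rc = 2
            }
        }
        END { exit rc + 0 }
    '
}

# Constructed sample input (not captured from a real server).
SAMPLE_BEFORE='LISTEN 0 50 *:1099 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
SAMPLE_AFTER='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# On the Catalog host, run:  ss -ltnH | classify_listeners
printf '%s\n' "$SAMPLE_BEFORE" | classify_listeners || echo "before fix: status $?"
printf '%s\n' "$SAMPLE_AFTER" | classify_listeners && echo "after fix: port $PORT not listening"
```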
     


    Article Number:

    000323830


    Article Type:

    Solutions to a Product Problem


