This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.
MyIT Service Broker
DWP 18.00, DWP 19.xx
A security team ran a vulnerability scan on the DWP Catalog server and raised the following security issue:
"A production system is not recommended to have the JMX/RMI service publicly available. Access to this service should be restricted"
What can we do to restrict it?
There is a fix for this issue, com.bmc.arsys.messaging-19.2.0.jar, that we can provide for 19.11+. There should not be any side effects from this change, as it was validated on the Remedy side and is considered low risk.
Details are below:
DRMY1-19199 - Do not start a new JMX connector for ActiveMQ; instead, let it use the already available JVM JMX connector. This makes sure serverj does not use port 1099 anymore.
1. Stop the DWP Catalog Server.
2. Move the existing server jar to a safe location:
mv /opt/bmc/digitalworkplace/lib/start/startlevel7/com.bmc.arsys.messaging-19.2.0.jar <safe_location>/.
3. Copy the new com.bmc.arsys.messaging-19.2.0.jar to /opt/bmc/digitalworkplace/lib/start/startlevel7/
4. Delete all files from the bundle-cache directory (/opt/bmc/digitalworkplace/bundle-cache).
5. Start the DWP Catalog Server.
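
To confirm the result of the procedure above, the following check (an added example, not BMC-supplied code) parses the output of ss -Hltn and reports whether anything still listens on port 1099 on a non-loopback address. The function names and the sample lines are constructed for illustration, and a Linux host with the iproute2 ss utility is assumed.

```shell
#!/bin/sh
# Added example: confirm from `ss -Hltn` output that port 1099 is no longer exposed.
JMX_PORT=1099

# Reads `ss -Hltn` lines on stdin (field 4 = Local Address:Port) and prints
# "<scope> <address>" for each listener on the port, where scope is
# "loopback" (local only) or "exposed" (reachable from other hosts).
classify_listeners() {
    awk -v port="${1:-$JMX_PORT}" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            local_only = (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./)
            scope = local_only ? "loopback" : "exposed"
            print scope, addr
        }'
}

# Succeeds (status 0) only when no non-loopback listener exists on the port.
port_is_restricted() {
    ! classify_listeners "$1" | grep -q '^exposed '
}

# Constructed sample input, not captured from a real Catalog server.
sample_before() {
    printf '%s\n' \
        'LISTEN 0 128 0.0.0.0:22 0.0.0.0:*' \
        'LISTEN 0 50 *:1099 *:*' \
        'LISTEN 0 100 *:8443 *:*'
}
sample_after() {
    printf '%s\n' \
        'LISTEN 0 128 0.0.0.0:22 0.0.0.0:*' \
        'LISTEN 0 100 *:8443 *:*'
}

for state in before after; do
    if "sample_$state" | port_is_restricted; then
        echo "$state fix: port $JMX_PORT not exposed"
    else
        echo "$state fix: port $JMX_PORT exposed on: $("sample_$state" | classify_listeners)"
    fi
done

# Live check on the server after step 5:
#   ss -Hltn | port_is_restricted || echo "port 1099 is still reachable"
```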