1 2 Previous Next 23 Replies Latest reply on Jul 14, 2020 2:25 AM by Abdul Moid Mohammed

    Java JMX Agent Insecure Configuration (118039) on the Application Servers

    Abdul Moid Mohammed
      Share This:

      Hi Team,


      We are on BMC Remedy ARS,ITSM,SRM( and SLM(9.1.04) with Windows as OS and Oracle as DB.

      We are getting frequent vulnerabilities being reported by our Vulnerablity team on the application servers of all the environments(Demo,DEV,TST and Production)

      We get the below details from Vulnerability team.


      Plugin Output


      D:\Program Files\BMC Software\ARSystem\.\lib\com.bmc.arsys.boot-9.1.04-SNAPSHOT.jar;./lib/spring-instrument-4.1.9.RELEASE.jar



      -Xms8589934592 -Xmx8589934592 -XX:OnOutOfMemoryError=taskkill /PID %p /F -Dcom.bmc.arsys.boot.flavor=server -XX:+DisableExplicitGC -Dcom.sun.management.jmxremote -XX:NewRatio=2 -XX:MaxMetaspaceSize=512M -XX:MetaspaceSize=384M -Xss2M -Dlogback.configurationFile=file:./conf/logback_server.xml -Djavax.xml.transform.TransformerFactory=org.apache.xalan.processor.TransformerFactoryImpl -javaagent:./lib/spring-instrument-4.1.9.RELEASE.jar -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:+UseCompressedOops -Djava.library.path=./lib/upgradeutils/sqlauth/x64 -XX:HeapDumpPath=./Logs -XX:+HeapDumpOnOutOfMemoryError -XX:ErrorFile=file:./ARServer/db/arserverjvmcrash_PID%p.log -Dorg.osgi.framework.os.name=win32 -Dorg.eclipse.equinox.http.jetty.autostart=false -Djetty.home=./jetty


      Tried to check on this input arguments and they are picked up from arserver.config on the application servers.

      Tried to comment them and asked the team to run the scan on one of the servers and it was clean scan with none vulnerable but the application (ARS Service) will not start once those parameters are commented on arserver.config


      Is there any workaround to get this issue addressed and have all our Environments not vulnerable anymore.


      Appreciate response at your earliest availability.


      Regards;--Abdul Moid

        1 2 Previous Next