When you run a security scan on vRealize Business for Cloud, you might see security vulnerabilities for two pages in vRealize Business for Cloud.

Problem

If you run a security scan on vRealize Business for Cloud, you might see security vulnerabilities for two pages in vRealize Business for Cloud.

Cause

When you run a security scan on vRealize Business for Cloud using the network scanning tool, you might see security vulnerabilities for two pages in vRealize Business for Cloud.

Solution

  1. Navigate to/usr/local/tomcat/itbm-server/webapps/itfm-cloud/WEB-INF folder in the application.
  2. Locate the web.xml file and include the following code snippet.
    <filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <async-supported>true</async-supported>
    <init-param>
    <param-name>antiClickJackingOption</param-name>
    <param-value>SAMEORIGIN</param-value>
    </init-param>
    <init-param>
    <param-name>xssProtectionEnabled</param-name>
    <param-value>true</param-value>
    </init-param>
    </filter>
    <filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>  
    </filter-mapping>