McAfee Vulnerability Error StruxureWare Portal

DCIM_Support · ‎2020-07-04

Good day

Please assist

Our StruxureWare Portal server has been identified as a Security risk to the business. See below Vulnerability errors from our Security Team:

TLS/SSL RC4 Cipher Suites Information Disclosure Vulnerability [FID 18179]

SSL/TLS Protocol Triple-DES Information Disclosure Vulnerability [FID 20465]

SSLv3 Information Disclosure Vulnerability [FID 17281]

Web Server Supports Outdated SSLv2 Protocol [FID 1858]

With the exception of error " Web Server Supports Outdated SSLv2 Protocol [FID 1858]" McAfee recommends to disable the TLS/SSL protocol.

Please advise what is the impact should we proceed to disable these protocols.

Portal version - 1.3.5

Kind regards

Juice

DCIM_Support · ‎2020-07-04

Hi Juice,

I was wondering perhaps restricting the ssl protocol to TLS 1.2 (sslProtocol="TLSv1.2") could be an option to try out. Following page describes how to enable/configure ssl in Portal: Enable SSL in StruxureWare Portal

However Portal is based on Liferay 6 (currently no plans for update) so I won't be surprised if it doesn't pass the vulnerability scans.

Kind regards

DCIM_Support · ‎2020-07-04

Thank you Jeff... very much appreciated.

I wil have to raise this at our change management.

Once again thank you for your assistance

kind regards

DCIM_Support · ‎2020-07-04

You are most welcome, Juice

Kind regards

DCIM_Support · ‎2020-07-04

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.