UCMDB Support Tip: UCMDB Security Vulnerability Identified with AXIS2 Web Service
This tip applies when a targeted security test has been completed on HP uCMDB application servers, with testing initiated in response to the discovery that one of the servers was vulnerable to a potentially serious security attack.
The test determines that a subset of the uCMDB servers are in fact vulnerable to an attacker remotely uploading and activating a malicious AXIS2 web service, which would result in the complete compromise of the servers themselves and any sensitive data they contain.
In order to assess the risk, you may have uploaded and activated a test web service on one of the uCMDB non-production servers and, as a result, been able to assume complete control of the server and retrieve sensitive data.
By leveraging this sensitive data, it was ultimately possible to retrieve user credentials that would enable an attacker to remotely log in to a large number of UNIX servers and to remotely access certain Windows servers.
The testing showed that the AXIS2 web service administrative interface was configured with the default administrator account and password. The AXIS2 web service was then reconfigured to eliminate any potential risk.
If such a scenario is encountered, please note that this is a known issue. As a workaround, change the Axis2 password.
The password can be changed without any problem for UCMDB, but other products using UCMDB WebServices should have options to change the user/password they use.
This is resolved in 10.10 CUP2, reference https://support.openview.hp.com/selfsolve/document/KM00770975
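To confirm the workaround took effect, the check below reads an Axis2 `axis2.xml` and reports whether the admin-console `userName` and `password` parameters are still at the values shipped with Apache Axis2. This is an added example, not part of the original tip or HP's tooling; the parameter names and stock values are those of the stock Apache Axis2 configuration file, the function names are hypothetical, and the location of `axis2.xml` inside a UCMDB install is not given on this page, so the file path is passed in by the operator.

```python
import sys
import xml.etree.ElementTree as ET

# Values shipped in the stock Apache Axis2 axis2.xml (assumption: UCMDB's
# bundled Axis2 uses the same parameter names; the page does not say).
STOCK = {"userName": "admin", "password": "axis2"}

def audit_axis2_config(xml_text):
    """Return [(parameter, issue)] where issue is 'stock', 'empty' or 'missing'."""
    root = ET.fromstring(xml_text)
    # The admin account is set by top-level <parameter> elements of <axisconfig>.
    params = {p.get("name"): (p.text or "").strip() for p in root.findall("parameter")}
    findings = []
    for name in ("userName", "password"):
        if name not in params:
            findings.append((name, "missing"))
        elif not params[name]:
            findings.append((name, "empty"))
        elif params[name] == STOCK[name]:
            findings.append((name, "stock"))
    return findings

def uses_stock_admin_login(xml_text):
    """True only when both the user name and the password are unchanged."""
    stock = {name for name, issue in audit_axis2_config(xml_text) if issue == "stock"}
    return stock == {"userName", "password"}

# Constructed sample inputs (not taken from any real server).
SAMPLE_DEFAULT = """<axisconfig name="AxisJava2.0">
  <parameter name="userName">admin</parameter>
  <parameter name="password">axis2</parameter>
</axisconfig>"""
SAMPLE_CHANGED = """<axisconfig name="AxisJava2.0">
  <parameter name="userName">ws-admin-constructed</parameter>
  <parameter name="password">CONSTRUCTED-not-a-real-secret</parameter>
</axisconfig>"""

if __name__ == "__main__":
    # Usage: python audit_axis2.py /path/to/axis2.xml
    with open(sys.argv[1], encoding="utf-8") as fh:
        results = audit_axis2_config(fh.read())
    for name, issue in results:
        print(f"{name}: {issue}")
    sys.exit(1 if results else 0)
```

A non-zero exit status means at least one parameter is missing, empty or unchanged, which makes the script usable as a gate in a configuration-compliance job.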