Find Answers

CMS-XML In 11.3 Configurator can now easily enable the following secure response HTTP header options for IIS and Tomcat
X-CONTENT-TYPE-OPTIONS (anti-sniffing) X-XSS-PROTECTION (cross-site scripting filtering) Adding secure header responses from IIS and Tomcat tightens security and can prevent malicious attacks against your SBM system.
HTML Solutions Business Manager 11.3 Security Bulletin
Summary Secure Response Headers (ENH285850) Administrators can now enable the following secure response header options:
HTML Solutions Business Manager 11.7.1 Security Bulletin
Recommended Security Configuration sub-tab in SBM Configurator. Enable HTTP secure response headers in the Security | Secure Response Headers
PDF Serena Business Manager 11.0 Web Application Security Assessment
Report creation and execution Passed. False positive response header finding Code inspection shows that this is cleaned up correctly after a redirect. User profile modification Passed.
CMS-XML Tips for Securing SBM Server
Use SBM Configurator to enable security response headers. Under Security > Secure Response Headers check Enable. After you apply Configurator, do the following:
CMS-XML Work Center dashboard URL widgets can be an XSS security threat
Note: If you are running HTTPS with secure response headers, URLs that do not match the SBM host name will NOT be allowed. See the resolution to disable URL widgets in SBM 11.7.1 and 11.8.
HTML Solutions Business Manager 11.4 Security Bulletin
Summary file on the Application Engine server is now encrypted. CSRF Vulnerability with Empty SSO Token Header (DEF310972) Fixed a CSRF vulnerability that could occur when an empty ALFSSOAuthToken header was provided.
PDF Solutions Business Manager 11.8 Web Application Security Assessment White Paper
■ Micro Focus evaluated the results of the scans, looking for requests with potential vulnerabilities. ■ Communication attacks (HTTP header and query string analysis) ■ Authentication attacks (cross-site request forgery attacks [CSRF]) SBM provides customization of this sanitization via SBM Application Administrator.
PDF Serena Business Manager 11.2 Web Application Security Assessment
Use Cases • External/out-of-band interaction • HTTP header injection • XML/SOAP injection • LDAP injection • Cross-site request forgery • Open redirection • Header manipulation • Server-level issues Serena evaluated the results of these scans, looking for requests with potential vulnerabilities.
CMS-XML SBM Web Application Firewall Configuration using ModSecurity on the Security tab in Configurator
4. Click Apply and make sure that the IIS service is restarted. Adding a Rule to Enforce the “application/json” Request Header for all JSONPage Application Engine Requests