FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Looking to upgrade from Dynatrace Managed to SaaS? See how

Found vulnerability in cassandra process

Go to solution
AskMe-Solutions
Helper

‎28 May 2021 08:24 AM

Hello Everyone,

 

From VA scan report, We have founded vulnerability "JMX Authentication Not Enabled on Localhost Interface" that about SSRF attacks or privilege escalation on the cassandra process of Dynatrace managed. So we need to know what we can do on this vulnerability to secure.

 

Thank you,

Dynatrace Askme.

0 Kudos
Reply
1 REPLY 1

Go to solution
The_AM
Dynatrace Champion
Dynatrace Champion

‎01 Jun 2021 12:54 AM

Hi AskMe Solutions,

Dynatrace Managed cassandra nodes don't have authentication and authorization enabled. Dynatrace Managed mitigates that risk by automatically putting IP table rules (firewall rules) in place, which make sure that only Dynatrace server nodes are able to access the cassandra port on the cassandra nodes. Cassandra is used only by Dynatrace Managed internally.

 

Dynatrace managed creates a dedicated user "dynatrace" in group "dynatrace" that is used for Cassandra. The user dynatrace is non-privileged service user (no console) and is not used for anything other than Dynatrace Managed.

 

If

If you have further queries about this, I suggest to open a ticket with Dynatrace Support, or chat with a specialist using the in-product live chat function.

Regards,
Andrew M.
0 Kudos
Reply
Ask a question

Featured Posts