Crossdomain.xml Policy Vulnerability Detected on CA PPM Servers

Document ID : KB000109689
Last Modified Date : 06/08/2018
When testing for vulnerabilities, your internal security scans may detect a vulnerability on CA PPM on-premise servers regarding permissive crossdomain.xml policies. A cross-domain policy file is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains.
The crossdomain.xml file is used for our integration into the Business Objects Xcelsius Solution. Since the whole Business Objects integration has reached its EOS date: 

The following is where we document how we use this file and for: 

You can use the * (asterisk) character as a wildcard. domain=* allows access from any domain. The domain access can be restricted, which limits the access for outside domains. For example, *, 

You can update crossdomain.xml to put your domain name in place of the * in the following line, to deter potential malicious activity.
<allow-access-from domain="*"/>
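A way to check a crossdomain.xml file for the wildcard entry described above before and after the change. This is an added example, not code from CA; the sample policies are constructed and `ppm.example.com` is a placeholder for your own domain.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies (not taken from a CA PPM installation).
PERMISSIVE = """<cross-domain-policy>
  <allow-access-from domain="*"/>
</cross-domain-policy>"""

# ppm.example.com is a placeholder for your own domain.
RESTRICTED = """<cross-domain-policy>
  <allow-access-from domain="ppm.example.com" secure="true"/>
</cross-domain-policy>"""

SUBDOMAINS = """<cross-domain-policy>
  <allow-access-from domain="*.example.com" secure="false"/>
</cross-domain-policy>"""


def audit_policy(xml_text):
    """Return a list of (severity, message) findings for a crossdomain.xml body."""
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        return [("error", f"unexpected root element <{root.tag}>")]
    findings = []
    for rule in root.iter("allow-access-from"):
        domain = rule.get("domain", "").strip()
        if domain == "*":
            # The case a scanner reports: any domain is granted access.
            findings.append(("high", 'domain="*" allows access from any domain'))
        elif "*" in domain:
            # Restricted, but still covers every host matching the pattern.
            findings.append(("medium", f"wildcard domain {domain!r} covers every matching host"))
        # secure defaults to true; false lets non-HTTPS documents reach HTTPS content.
        if rule.get("secure", "true").lower() == "false":
            findings.append(("medium", f'secure="false" set for {domain!r}'))
    return findings


if __name__ == "__main__":
    samples = [("permissive", PERMISSIVE), ("restricted", RESTRICTED), ("subdomains", SUBDOMAINS)]
    for name, body in samples:
        print(name, "->", audit_policy(body) or "no findings")
```
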