How to avoid SSL related vulnerabilities in APM Database Server(PostgreSQL)?

Document ID : KB000009301
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

User installed CA APM Database (PostgreSQL) with SSL self-signed certificate and found database open access on the Database Server when running a VA Scan on the system.

Environment:
All versions of CA Application Performance Management (APM)
Cause:

The vulnerability was from the application perspective. 

Resolution:

To avoid the vulnerability on the SSL of APM DB server(PostgreSQL), you need to configure the client authentication in pg_hba.conf file in the data folder of the PostgreSQL database, which allows local and specific IPs to have privilege login, but reject others.

For more details on the configuration, please see:
https://stackoverflow.com/questions/11753296/configure-postgresql-to-work-for-only-localhost-or-specified-ip-port

Additional Information: