Security Scan Vulnerability Finding on our CA Catalog servers on port 1099:
Java JMX Agent Insecure Configuration
Here is what Tenable says about it:
Java JMX Agent Insecure Configuration (118039)
A remote Java JMX agent is configured without SSL client and password authentication.
A Java JMX agent running on the remote host is configured without SSL client and password authentication. An unauthenticated, remote attacker can connect to the JMX agent and monitor and manage the Java application that has enabled the agent.
Moreover, this insecure configuration could allow the attacker to create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, the attacker could execute arbitrary code on the remote host under the security context of the remote Java VM.
Enable SSL client or password authentication for the JMX agent.
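To check a JVM start command for the condition this finding describes, the sketch below is an added example (not Tenable's or CA's code). The function names and sample command lines are constructed for illustration. It assumes the JDK's documented defaults (authenticate=true, ssl=true, ssl.need.client.auth=false) and inspects only -D flags on the command line, not a management.properties file.

```python
import shlex

BASE = "com.sun.management.jmxremote"

def jmx_settings(cmdline):
    """Return the com.sun.management.jmxremote* -D flags found on a JVM command line."""
    found = {}
    for arg in shlex.split(cmdline):
        if arg.startswith("-D" + BASE):
            key, _, value = arg[2:].partition("=")
            found[key[len(BASE):].lstrip(".")] = value
    return found

def is_true(settings, name, default):
    # The agent treats any value other than "true" (case-insensitive) as false.
    return settings.get(name, default).strip().lower() == "true"

def audit_jmx(cmdline):
    """Classify the remote JMX configuration as (verdict, notes)."""
    s = jmx_settings(cmdline)
    if "port" not in s:
        return "not-exposed", []  # no remote connector requested
    password_auth = is_true(s, "authenticate", "true")
    ssl = is_true(s, "ssl", "true")
    # Client certificates are only checked when SSL itself is enabled.
    client_cert = ssl and is_true(s, "ssl.need.client.auth", "false")
    if not (password_auth or client_cert):
        return "insecure", ["port %s accepts unauthenticated JMX clients" % s["port"]]
    notes = []
    if password_auth and not ssl:
        notes.append("password authentication without SSL sends credentials unencrypted")
    return "authenticated", notes

# Constructed sample command lines (not taken from any real server).
P = "-D" + BASE
SAMPLES = {
    "flagged": f"java {P}.port=1099 {P}.authenticate=false {P}.ssl=false -jar app.jar",
    "password": f"java {P}.port=1099 {P}.authenticate=true "
                f"{P}.password.file=/path/to/jmxremote.password {P}.ssl=false -jar app.jar",
    "client-cert": f"java {P}.port=1099 {P}.authenticate=false {P}.ssl=true "
                   f"{P}.ssl.need.client.auth=true -jar app.jar",
    "local-only": f"java {P} -jar app.jar",
}

if __name__ == "__main__":
    for name, cmd in SAMPLES.items():
        print(name, audit_jmx(cmd))
```

Only the "flagged" sample matches the scanner's condition; the "password" and "client-cert" samples each apply one of the two remediations named above.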
SERVICE MANAGEMENT 17.1
Service Catalog 17.1