Enabling kafka on the servers leads to Java JMX vulnerabilities

Question

AnkitaShukla

Member since 2014

5 posts

Morgan Stanley

Posted: Jul 5, 2022

Last activity: Jul 5, 2022

Posted: 5 Jul 2022 15:31 EDT
Last activity: 5 Jul 2022 15:31 EDT

Closed

Enabling kafka on the servers leads to Java JMX vulnerabilities

Report

Hi,

Whenever we enable the Stream service on our Pega environments, we get java jmx multiple vulnerabilities because of the below settings found in the kafka diagnostics. This raises an alarm as an enterprise security violation from Pega environments

contents={key=com.sun.management.jmxremote.authenticate, value=false}

,items=((itemName=key,itemType=javax.management.openmbean.SimpleType(name=java.lang.String)),(itemName=value,itemType=javax.management.openmbean.SimpleType(name=java.lang.String)))),contents={key=com.sun.management.jmxremote.ssl, value=false}

we dont have any tomcat properties which sets these properties to false on the prconfig. For now we have disabled the Stream service but it is required to be re-enabled. Is there a way, we can avoid these statements to be printed in kafka diagnostics. Is there any configuration which can enable authentication for kafka.

***Edited by Moderator Marissa to change Content Type from Discussion to Question; added capability tags***

To see attachments, please log in.

Pega Platform 8.1.1

System Administration

Financial Services

Lead System Architect

Likes (1)

Prashanth Sheela
Share this page Facebook Twitter LinkedIn Email Copying... Copied!

Question

Enabling kafka on the servers leads to Java JMX vulnerabilities

Need help or want to help others?

Experience the benefits of Support Center when you log in.

Question

Enabling kafka on the servers leads to Java JMX vulnerabilities

Related content:

Need help or want to help others?

Experience the benefits of Support Center when you log in.

We'd prefer it if you saw us at our best.