RSA AM 7.1: Security Vulnerability reported by IBM Rational AppScan 'Potential Order Information Found'
Originally Published: 2012-06-27
Article Number
Applies To
IBM Rational AppScan Enterprise Edition
Issue
Security scan reported instances of "Potential Order Information Found". It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations.
Cause
https://<macine_name>:7072/console-infocenter/content/help:/com.rsa.imsconsole.help/console-help/order.txt(Directory: )
https://<macine_name>:7072/console-infocenter/content/help:/com.rsa.imsopsconsole.help/console-help/styles/order.txt(Directory: )
https://<macine_name>:7072/console-infocenter/content/help:/order.txt(Directory: )
https://<macine_name>:7072/console-infocenter/content/help:/com.rsa.imsopsconsole.help/order.txt(Directory: )
https://<macine_name>:7072/console-infocenter/content/help:/com.rsa.imsconsole.help/order.txt(Directory: )
https://<macine_name>:7072/console-infocenter/content/help:/com.rsa.imsopsconsole.help/console-help/images/order.txt(Directory: )
https://<macine_name>:7072/console-infocenter/content/help:/com.rsa.imsopsconsole.help/images/order.txt(Directory: )
https://<macine_name>:7072/operations-console/order.txt(Directory: )
https://<macine_name>:7072/operations-console/order.htm(Directory: )
https://<macine_name>:7072/operations-console/order.html(Directory: )
Resolution
False Alarm:
This is a false alarm. We do not use order.txt
example:
Vulnerable URL: https://<macine_name>:7072/console-infocenter/content/help:/com.rsa.imsopsconsole.help/console-help/styles/order.txt(Directory: )
Remediation Tasks: Do not keep sensitive information in easy to guess file names, or restrict access to them
but styles has doc_styles.css and print_styles.css and doesn?t contain order.txt
Scanner inserts the above url with order.txt and looks for specific error while application filters out the parameter order.txt as it doesn't exist.
Related Articles
How to restart RSA Web Threat Detection services in the proper order Number of Views Change Boot order for DLP Dell R610 and R620 appliance Boot from ISO Image Number of Views RSA Identity Governance & Lifecycle display order and value of report column changes automatically Number of Views RSA Identity Governance & Lifecycle email approval macro ValidReplyAnswers orders URL in the wrong order Number of Views SA Looking for Live Manager Thick client in order to down load packages for off external Network SA Servers Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.9 Release Notes (January 2026) An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x RSA Authentication Manager 8.8 Setup and Configuration Guide
Don't see what you're looking for?
