Google Analytics must be disabled in EAP Console.

From JBoss EAP 6.3 Security Technical Implementation Guide

Part of SRG-APP-000141-AS-000095

Associated with: CCI-000381

SV-76753r1_rule Google Analytics must be disabled in EAP Console.

Vulnerability discussion

The Google Analytics feature aims to help the Red Hat EAP team understand how customers are using the console and which parts of the console matter the most to the customers. This information will, in turn, help the team to adapt the console design, features, and content to the immediate needs of the customers. Sending analytical data to the vendor introduces risk of unauthorized data exfiltration. This capability must be disabled.

Check content

Open the EAP web console by pointing a web browser to HTTPS://:9443 or HTTP://:9990. Log on to the admin console using admin credentials. On the bottom right-hand side of the screen, select "Settings". If the "Enable Data Usage Collection" box is checked, this is a finding.

Fix text

Using the EAP web console, log on using admin credentials. On the bottom right-hand side of the screen, select "Settings", uncheck the "Enable Data Usage Collection" box, and save the configuration.
