Summary
Acunetix 360 detected that the Spring Boot web application is configured with Admin MBean enabled. Spring Boot allows developers to enable admin-related features for the application by specifying the spring.application.admin.enabled
property.
Impact
Depending on the configuration of the MBean, it might be possible for a remote attacker to manage the application remotely, including shutting it down without any authentication.
Actions To Take
In production websites it's recommended to disable the Admin MBean using the following configuration (in the Spring properties file):
spring.application.admin.enabled=false