Vulnerability - running daemon is not managed by RPM


Article ID: 211601


DX Infrastructure Management


We have upgraded servers from RHEL 6 to version 7.9 and ran a security scan, but we are getting the following vulnerability.

The following running daemon is not managed by RPM :





Release : 20.3



This is not actually a vulnerability in the normal sense; it is simply a warning that a running program was installed manually instead of from an RPM.

This is expected behavior for UIM. The package system (RPM) installs only the agent/robot. The cdm probe is installed by the user and runs as a child process of the robot/agent. It is not possible to install the CDM probe (or any probe) using an RPM because probes are installed through the product itself (e.g. Infrastructure Manager or Admin Console).

This does not represent a vulnerability or something that can be exploited. It is perfectly normal UIM behavior and should be ignored. The scanner reports it only as a warning to help system administrators adhere to best practices, but this is simply how UIM works and there is nothing that can (or needs to) be done about it.
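One way to confirm that a flagged daemon is a probe started by the RPM-installed robot, rather than an unrelated manually installed program, is to check its parent chain against RPM ownership. The following is an added example, not Broadcom code: the process table, paths and package name are constructed placeholders, and `triage` is a hypothetical helper.

```python
import subprocess

# Constructed sample process table: (pid, ppid, executable path).
# All paths and the package name are placeholders, not real UIM locations.
SAMPLE_PROCS = [
    (1, 0, "/usr/lib/systemd/systemd"),
    (900, 1, "/opt/example-agent/bin/robot"),
    (1200, 900, "/opt/example-agent/probes/cdm/cdm"),
    (1201, 1200, "/opt/example-agent/probes/cdm/helper"),
    (1500, 1, "/usr/local/bin/mystery-daemon"),
]
SAMPLE_OWNED = {
    "/usr/lib/systemd/systemd": "systemd",
    "/opt/example-agent/bin/robot": "example-agent",
}

def rpm_owner_live(path):
    """On a real host: owning package via `rpm -qf`, or None if unowned."""
    r = subprocess.run(["rpm", "-qf", path], capture_output=True, text=True)
    return r.stdout.strip() if r.returncode == 0 else None

def triage(procs, owner):
    """Return {pid: (exe, verdict)} for every process whose binary no RPM owns."""
    table = {pid: (ppid, exe) for pid, ppid, exe in procs}
    findings = {}
    for pid, (ppid, exe) in table.items():
        if owner(exe):
            continue  # RPM-managed binary: the scanner would not flag it
        verdict = "investigate: no RPM-managed parent below PID 1"
        seen = set()
        # Walk up the parent chain, stopping at init and guarding against loops.
        while ppid > 1 and ppid in table and ppid not in seen:
            seen.add(ppid)
            pkg = owner(table[ppid][1])
            if pkg:
                verdict = f"expected: child of {pkg} (pid {ppid})"
                break
            ppid = table[ppid][0]
        findings[pid] = (exe, verdict)
    return findings

if __name__ == "__main__":
    # Uses the constructed data; pass rpm_owner_live and a real table on a host.
    for pid, (exe, verdict) in triage(SAMPLE_PROCS, SAMPLE_OWNED.get).items():
        print(pid, exe, verdict)
```

PID 1 is excluded from the walk because every process descends from it, so its RPM ownership says nothing about how the daemon was installed.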