Vulnerability-running daemon is not managed by RPM
search cancel

Vulnerability-running daemon is not managed by RPM


Article ID: 211601


Updated On:


DX Unified Infrastructure Management (Nimsoft / UIM) CA Unified Infrastructure Management On-Premise (Nimsoft / UIM) CA Unified Infrastructure Management SaaS (Nimsoft / UIM)


We have upgraded servers from RHEL 6 to 7.9 version and ran a security scan but we are getting the following vulnerability:

The following running daemon is not managed by RPM:



This issue is seen in RHEL 8.x as well.


  • Release: 20.3


This is not actually a vulnerability in the normal sense, it is simply a warning that a program is running which was installed manually instead of using an RPM. 

  • This is an expected behavior for UIM.
  • The package system/RPM only installs the agent/robot.  
  • The cdm probe is installed by the user and runs as a child process of the robot/agent.
  • It is not possible to install the CDM probe (or any probe) using an RPM because it is installed through the product itself (e.g., Infrastructure Manager or Admin Console.)
  • This does NOT represent a vulnerability or something that can be exploited, rather it is perfectly normal UIM behavior and should be ignored.
  • This is provided only as a warning to system administrators to help adhere to best practices; but again, this is simply how UIM works and there is nothing that can (or needs to) be done about it.