Vulnerability-running daemon is not managed by RPM
Article ID: 211601
Updated On:
Products
DX Unified Infrastructure Management (Nimsoft / UIM)
CA Unified Infrastructure Management On-Premise (Nimsoft / UIM)
CA Unified Infrastructure Management SaaS (Nimsoft / UIM)
Issue/Introduction
We have upgraded servers from RHEL 6 to 7.9 version and ran a security scan but we are getting the following vulnerability:
The following running daemon is not managed by RPM:
/opt/nimsoft/probes/system/cdm/cdm
/opt/nimsoft/probes/database/mysql/mysql_monitor
/opt/nimsoft/probes/system/cdm/cdm
/opt/nimsoft/probes/system/logmon/logmon
/opt/nimsoft/probes/system/processes/processes
/opt/nimsoft/jre/jre8u262b10/bin/java
This issue is seen in RHEL 8.x as well.
Environment
- Release: 20.3
- Component: UIM - SECURITY VULNERABILITIES
Resolution
This is not actually a vulnerability in the normal sense, it is simply a warning that a program is running which was installed manually instead of using an RPM.
https://www.tenable.com/plugins/nessus/33851
- This is an expected behavior for UIM.
- The package system/RPM only installs the agent/robot.
- The cdm probe is installed by the user and runs as a child process of the robot/agent.
- It is not possible to install the CDM probe (or any probe) using an RPM because it is installed through the product itself (e.g., Infrastructure Manager or Admin Console.)
- This does NOT represent a vulnerability or something that can be exploited, rather it is perfectly normal UIM behavior and should be ignored.
- This is provided only as a warning to system administrators to help adhere to best practices; but again, this is simply how UIM works and there is nothing that can (or needs to) be done about it.
Feedback
Yes
No
Powered by
