Vulnerability report finding: VMware Aria Suite Lifecycle 8.12 and above is using port 5480
Article ID: 326069
Updated On:
Products
VMware Aria Suite
Issue/Introduction
Symptoms:
- Port 5480 and service vami-lighttpd will be listed in a vulnerability report/scan.
Environment
VMware Aria Suite Lifecycle 8.x
VMware vRealize Suite Lifecycle Manager 8.x
VMware vRealize Suite Lifecycle Manager 8.x
Cause
Port 5480 and vami-lighttpd are enabled in VMware Aria Suite Lifecycle 8.12 and above.
Resolution
VMware is aware of this issue and is being considered for inclusion in a later release. See the Workaround section below for more information.
Workaround:
Workaround:
Disable the service
Prerequisites
- You have access to SSH with root username and password
- You have taken appropriate backups or recent snapshots of the appliance.
Procedure
- Run the following command to disable services:
systemctl stop vami-lighttp && systemctl disable vami-lighttp - Re-run the vulnerability scan against the Aria Suite Lifecycle appliance.
- Confirm the port is no longer listening as reported by the scanner.
Additional Information
Impact/Risks:
Running the steps provided in the workaround section has no functionality impact on the running appliance.
Running the steps provided in the workaround section has no functionality impact on the running appliance.
Feedback
Yes
No
Powered by
