Vulnerability report finding: VMware Aria Suite Lifecycle 8.12 and above is using port 5480
book
Article ID: 326069
calendar_today
Updated On:
Products
VMware Aria Suite
Issue/Introduction
Symptoms:
- Port 5480 and service vami-lighttpd will be listed in a vulnerability report/scan.
Environment
VMware Aria Suite Lifecycle 8.x
VMware vRealize Suite Lifecycle Manager 8.x
Cause
Port 5480 and vami-lighttpd are enabled in VMware Aria Suite Lifecycle 8.12 and above.
Resolution
VMware is aware of this issue and is being considered for inclusion in a later release. See the Workaround section below for more information.
Workaround:
Disable the service
Prerequisites
- You have access to SSH with root username and password
- You have taken appropriate backups or recent snapshots of the appliance.
Procedure
- Run the following command to disable services:
systemctl stop vami-lighttp && systemctl disable vami-lighttp
- Re-run the vulnerability scan against the Aria Suite Lifecycle appliance.
- Confirm the port is no longer listening as reported by the scanner.
Additional Information
Impact/Risks:
Running the steps provided in the workaround section has no functionality impact on the running appliance.
Feedback
thumb_up
Yes
thumb_down
No