Hi team,
We've deployed a private mode BlueXP Connector and Data Classification VMs to test the Data Classification product against one of our QA filers (sanqanascl100d). Our security team have run a Qualys scan against the Connector and Data Classification VMs. They have reported a Redis vulnerability against the BlueXP Connector VM (hostname: sanadmbxp0001d) - specifically, "Redis Server Accessible Without Authentication detected on port 63791 over TCP". I've had a look at the containers running on the Connector VM and there's a Redis server running on a container called "ds_cc_charger_1".
There is a Redis server running in a container called ds_cc_charger_1 running from an image called cloudmanagerinfra.azurecr.io/cc_charger_app_and_redis:darksite which is listening on port 63791:
the Qualys Vulnerability Scanning tool that has picked this up.
I have to either get the reported vulnerability remediated or provide an explanation as to what the risk is and how big it is from a security point of view. It may require some kind of config change to be done on Redis to alleviate this.
Support case 2010284575
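
One way to reproduce the scanner's finding and to confirm any later fix, given as an added example that is not part of the original post and is not NetApp or Qualys code: it sends a single Redis `PING` and classifies the reply. The function names and the `fake_redis` stand-in are hypothetical; in practice the check would be pointed at the Connector VM on port 63791, both from the VM itself and from another host, to see whether the listener is reachable off-box.

```python
import socket
import threading

PING = b"*1\r\n$4\r\nPING\r\n"  # RESP encoding of the PING command


def classify_reply(reply: bytes) -> str:
    """Map the raw reply to PING onto a finding."""
    if reply.startswith(b"+PONG"):
        return "unauthenticated"   # command ran without AUTH: matches the scan finding
    if reply.startswith(b"-NOAUTH"):
        return "auth-required"     # a password or ACL is enforced
    if reply.startswith(b"-DENIED"):
        return "protected-mode"    # Redis refused a non-loopback client
    return "unknown"


def check_redis_auth(host: str, port: int, timeout: float = 3.0) -> str:
    """Connect, send one PING, and report how the listener answered."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(PING)
            return classify_reply(s.recv(256))
    except OSError:
        return "unreachable"       # filtered, closed, or timed out


def fake_redis(reply: bytes) -> int:
    """Constructed one-shot listener on loopback, used only for the offline demo."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(64)
            conn.sendall(reply)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    # Constructed replies; replace with the real host and port to test a deployment.
    for reply in (b"+PONG\r\n", b"-NOAUTH Authentication required.\r\n"):
        print(reply, "->", check_redis_auth("127.0.0.1", fake_redis(reply)))
```

A result of `unreachable` from other hosts combined with `unauthenticated` from the VM itself would indicate the listener is only exposed locally, which changes the size of the risk being reported.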