BlueXP Services

Redis vulnerability against Classification VM

Pedrol

Hi team,

We've deployed a private mode BlueXP Connector and Data Classification VMs to test the Data Classification product against one of our QA filers (sanqanascl100d). Our security team have run a Qualys scan against the Connector and Data Classification VMs. They have reported a Redis vulnerability against the BlueXP Connector VM (hostname: sanadmbxp0001d) - specifically, "Redis Server Accessible Without Authentication detected on port 63791 over TCP". I've had a look at the containers running on the Connector VM and there's a Redis server running on a container called "ds_cc_charger_1".

There is a Redis server running in a container called ds_cc_charger_1 running from an image called cloudmanagerinfra.azurecr.io/cc_charger_app_and_redis:darksite which is listening on port 63791.

It is the Qualys Vulnerability Scanning tool that has picked this up.

I have to either get the reported vulnerability remediated or provide an explanation as to what the risk is and how big it is from a security point of view. It may require some kind of config change to be done on Redis to alleviate this.

Support case 2010284575 
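
An added example, not part of the original post and not NetApp code: a small check that reproduces at the protocol level what a "Redis Server Accessible Without Authentication" finding means, so the result can be compared from different network positions when sizing the risk. Host and port are passed as arguments; the function names and verdict strings are this example's own.

```python
import socket
import sys

# Inline RESP command. Redis answers PING only if no credentials are required.
PING = b"PING\r\n"


def classify_reply(reply: bytes) -> str:
    """Map the first bytes of the reply to PING onto a triage verdict."""
    if reply.startswith(b"+PONG"):
        return "no-auth"            # command ran without credentials
    if reply.startswith(b"-NOAUTH"):
        return "auth-required"      # a password (requirepass / ACL) is enforced
    if reply.startswith(b"-DENIED"):
        return "protected-mode"     # protected mode refused a non-loopback client
    if not reply:
        return "no-reply"           # connection closed without data
    return "not-redis-or-unknown"


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Connect, send one PING, and classify the answer or the failure."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(PING)
            return classify_reply(s.recv(256))
    except socket.timeout:
        return "filtered-or-timeout"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        return "unreachable"


if __name__ == "__main__":
    # Usage: python redis_auth_check.py <host> <port>
    host, port = sys.argv[1], int(sys.argv[2])
    print(f"{host}:{port} -> {probe(host, port)}")
```

Running it once on the Connector VM itself and once from the scanner's subnet shows whether the port answers only locally or is reachable across the network, which is the main input for the risk statement.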

1 ACCEPTED SOLUTION

Adithya_Kameswaran

Hello Pedro, 

I believe you have opened a BlueXP Service discussion instead of a Security KX discussion. Please search for "Security KX Discussion" in the search bar and open a new discussion to reach out to Ryan and Team for further assistance on the vulnerabilities observed in the BlueXP Connector. Also, please try to get the Qualys scanner report so that the same can be attached to the Security KX discussion that you will be opening. 

Reference: Security KX Discussions - NetApp Community
