
SharePoint 2013 ClickJacking Issue on Port 5725 & 5726 FIM Services

Hello,

We are running into a very critical issue. I need your kind thoughts; please review the details below.

Background: We are running a SharePoint 2013 on-premises farm with 2 WFEs, 2 APPs and 1 DB server. As per the architecture, we are running the User Profile Service on APP1 & APP2 and the User Profile Synchronization Service on APP1. Everything is running smoothly and AD profiles are syncing with SharePoint 2013.

Problem: We ran a security scan using a third-party tool which scanned the whole farm and pointed out a few vulnerabilities in the servers. Most of them are fixed. However, it is pointing to http://localhost:5725 or http://MyServerIP:5725, saying that it allows ClickJacking on this URL. This vulnerability appears only on the server that is running the User Profile Synchronization Service (i.e. APP1). I am unable to find this binding in IIS on any site or web service. Research on Google says that it belongs to the Forefront Identity Manager Synchronization Service, which connects to AD for the User Profile Synchronization Service.

I can see the Inbound Rules in the firewall and found that this port is allowed under the names below.

ILM Web Service - RMS (Port 5725)

ILM Web Service - STS (Port 5726)

Question: Any idea how I can get to the source of this service or prevent ClickJacking?

I'll be glad to provide more details and am really thankful for your kind thoughts.

Regards,

Muhammad Zeeshan Tahir
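A small check, added here as an example and not part of the original post or of any Microsoft code, for confirming what a scanner like the one above is reporting: it classifies an HTTP response's anti-framing headers (X-Frame-Options and CSP frame-ancestors), and `probe` runs that classification against a URL such as http://localhost:5725 from the affected server. The sample header sets at the bottom are constructed.

```python
# Classify an HTTP endpoint's anti-framing (ClickJacking) protection from its headers.
import urllib.error
import urllib.request
from typing import Mapping


def framing_protection(headers: Mapping[str, str]) -> str:
    """Return 'deny', 'sameorigin', 'restricted' or 'unprotected' for a response.

    'unprotected' means no effective anti-framing header was sent, which is
    what a scanner reports as a ClickJacking finding.
    """
    # Header names are case-insensitive; normalise once.
    h = {k.lower(): v for k, v in headers.items()}

    # CSP frame-ancestors takes precedence over X-Frame-Options in current browsers.
    csp = h.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.strip("'").lower() for s in parts[1:]]
            if sources == ["none"]:
                return "deny"
            if sources == ["self"]:
                return "sameorigin"
            if sources and "*" not in sources:
                return "restricted"
            return "unprotected"

    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "deny"
    if xfo == "SAMEORIGIN":
        return "sameorigin"
    # ALLOW-FROM is obsolete and ignored by current browsers, so it counts as no protection.
    return "unprotected"


def probe(url: str, timeout: float = 5.0) -> str:
    """Fetch a URL (assumed plain HTTP) and classify its framing protection."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return framing_protection(dict(resp.headers.items()))
    except urllib.error.HTTPError as err:
        # A 4xx/5xx page can still be framed; its headers are what matter.
        return framing_protection(dict(err.headers.items()))


# Constructed sample responses: a listener with no anti-framing header, and one with X-Frame-Options.
SAMPLE_UNPROTECTED = {"Content-Type": "text/html", "Content-Length": "512"}
SAMPLE_PROTECTED = {"Content-Type": "text/html", "X-Frame-Options": "SAMEORIGIN"}
```

Running `probe("http://localhost:5725")` on APP1 reproduces the scanner's check; `SAMPLE_UNPROTECTED` classifies as `unprotected` and `SAMPLE_PROTECTED` as `sameorigin`.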

