Layer 7 API Management


Oracle Java Vulnerabilities

  • 1.  Oracle Java Vulnerabilities

    Posted 25 days ago
    Hi,

    Our current API Gateways are running on v9.3 (ssg-9.3.00-9006_CR04.noarch), and when we ran our security scans using Nessus Agent on the servers for scanning through Tenable, we got the following vulnerability error. The path it is referring to is /opt/SecureSpan/JDK/bin.

    Oracle Java SE 1.7.0_221 / 1.8.0_211 / 1.11.0_3 / 1.12.0_1 Multiple Vulnerabilities (Apr 2019 CPU) (Unix)
    The remote Unix host contains a programming platform that is affected
    by multiple vulnerabilities.

    The scans suggest the following solution:

    Upgrade to Oracle JDK / JRE 12 Update 1 , 11 Update 3, 8 Update 211 / 7 Update 221 or later. If necessary, remove any affected versions.

    How do we get through these errors? Do we have any patch (with the latest Java 8 update 211 or later) readily available to remediate this issue?
    I have already applied the latest monthly platform update (CA_API_PlatformUpdate_64bit_v9.X-RHEL-2019-07-25.L7P) as well, but it didn't help.



    ------------------------------

    Thanks 
    Prashanth
    ------------------------------


  • 2.  RE: Oracle Java Vulnerabilities
    Best Answer

    Posted 11 days ago
    Hi Prashanth,

    This issue is resolved with the introduction of version 9.4 CR3: https://docops.ca.com/ca-api-gateway/9-4/en/release-notes-9-4/resolved-issues#ResolvedIssues-IssuesResolvedinVersion9.4CR3 

    You can download the patch/updates from here https://techdocs.broadcom.com/us/product-content/recommended-reading/technical-document-index/ca-api-gateway-solutions-and-patches.html 

    Hope this helps,

    Thanks,
    Diego Martins




  • 3.  RE: Oracle Java Vulnerabilities

    Posted 4 days ago
    Thanks. We upgraded to v9.4 and applied the CR03 patch that ships with openjdk version "1.8.0_222", and all vulnerabilities got cleared.
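
An added example, not part of any post in this thread: a POSIX shell check that reads the bundled JDK's version and compares it with the minimum updates named in the quoted Nessus solution, so the result of an upgrade can be confirmed before the next scan. The function names are constructed for illustration, and it assumes the binary is `java` under the `/opt/SecureSpan/JDK/bin` path from the first post.

```shell
#!/bin/sh
# Minimum fixed updates, from the Nessus solution text quoted in the thread:
# 7 Update 221, 8 Update 211, 11 Update 3, 12 Update 1.

# Read `java -version` output on stdin and print the quoted version string.
extract_java_version() {
    sed -n 's/.* version "\([^"]*\)".*/\1/p' | head -n 1
}

# Print fixed | vulnerable | unknown for one version string.
classify_java_version() {
    v=${1%%[-+]*}                        # drop suffixes such as -ea or +7
    case $v in
        1.7.0|1.7.0_*) n=${v#1.7.0}; min=221 ;;
        1.8.0|1.8.0_*) n=${v#1.8.0}; min=211 ;;
        11|11.*|12|12.*)
            old_ifs=$IFS; IFS=.; set -- $v; IFS=$old_ifs
            [ "$1" = 11 ] && min=3 || min=1
            # A non-zero minor is newer than <major>.0.<min>.
            if [ "${2:-0}" != 0 ]; then n=$min; else n=${3:-0}; fi ;;
        *) echo unknown; return 0 ;;     # family not named in the advisory
    esac
    n=${n#_}; n=${n:-0}                  # "_222" -> 222, GA build -> 0
    case $n in *[!0-9]*) echo unknown; return 0 ;; esac
    if [ "$n" -ge "$min" ]; then echo fixed; else echo vulnerable; fi
}

# Report on the JDK bundled with the gateway (path from the original post;
# the binary name "java" is an assumption).
check_gateway_jdk() {
    java_bin=${1:-/opt/SecureSpan/JDK/bin/java}
    [ -x "$java_bin" ] || { echo "no java binary at $java_bin"; return 0; }
    ver=$("$java_bin" -version 2>&1 | extract_java_version)
    echo "$java_bin: $ver -> $(classify_java_version "$ver")"
}

check_gateway_jdk "$@"
```

Release families the advisory text does not name are reported as `unknown` rather than guessed.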