Layer 7 API Management

Oracle Java Vulnerabilities

  • 1.  Oracle Java Vulnerabilities

    Posted 08-23-2019 02:46 PM
    Hi,

    Our current API Gateways are running on v9.3 (ssg-9.3.00-9006_CR04.noarch), and when we ran our security scans using Nessus Agent on the servers for scanning through Tenable, we got the following vulnerability error. The path it is referring to is /opt/SecureSpan/JDK/bin

    Oracle Java SE 1.7.0_221 / 1.8.0_211 / 1.11.0_3 / 1.12.0_1 Multiple Vulnerabilities (Apr 2019 CPU) (Unix)
    The remote Unix host contains a programming platform that is affected
    by multiple vulnerabilities.

    The scans suggest the following solution:

    Upgrade to Oracle JDK / JRE 12 Update 1 , 11 Update 3, 8 Update 211 / 7 Update 221 or later. If necessary, remove any affected versions.

    How do we get through these errors? Do we have any patch (with the latest Java 8 Update 211 or later) readily available to remediate this issue?
    I have already applied the latest monthly platform update (CA_API_PlatformUpdate_64bit_v9.X-RHEL-2019-07-25.L7P) as well, but it didn't help.



    ------------------------------

    Thanks
    Prashanth
    ------------------------------


  • 2.  RE: Oracle Java Vulnerabilities
    Best Answer

    Posted 09-06-2019 03:13 AM
    Hi Prashanth,

    This issue is resolved with the introduction of version 9.4 CR3: https://docops.ca.com/ca-api-gateway/9-4/en/release-notes-9-4/resolved-issues#ResolvedIssues-IssuesResolvedinVersion9.4CR3

    You can download the patch/updates from here: https://techdocs.broadcom.com/us/product-content/recommended-reading/technical-document-index/ca-api-gateway-solutions-and-patches.html

    Hope this helps,

    Thanks,
    Diego Martins




  • 3.  RE: Oracle Java Vulnerabilities

    Posted 09-13-2019 12:11 PM
    Thanks. We upgraded to v9.4 and applied the CR03 patch that ships with openjdk version "1.8.0_222", and all vulnerabilities got cleared.
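
To confirm the remediation without waiting for the next scan, the bundled JDK's version can be compared against the minimum update levels quoted in the scan's solution text. The script below is an added example, not part of the thread or the product; the function names are hypothetical, and the `java` binary name under `/opt/SecureSpan/JDK/bin` is an assumption based on the standard JDK layout.

```shell
#!/bin/sh
# Minimum update levels from the scan's suggested solution quoted in this thread:
# 7 Update 221, 8 Update 211, 11 Update 3, 12 Update 1.

# Pull the quoted version out of `java -version` output.
extract_java_version() {
    printf '%s\n' "$1" | sed -n 's/^[^"]*version "\([^"]*\)".*/\1/p' | head -n 1
}

# Print "family update" for legacy ("1.8.0_222") and modern ("11.0.3") strings.
split_java_version() {
    v=${1%%[-+]*}    # drop build suffixes such as -b10 or +7
    case "$v" in
        1.*.*_*) family=${v#1.}; family=${family%%.*}; update=${v##*_} ;;
        1.*)     family=${v#1.}; family=${family%%.*}; update=0 ;;
        *.*.*)   family=${v%%.*}; update=${v#*.*.}; update=${update%%.*} ;;
        *)       family=${v%%.*}; update=0 ;;
    esac
    echo "$family $update"
}

# Return 0 if at or above the minimum, 1 if below,
# 2 if the family is not one of the four named in the scan output.
meets_apr2019_cpu() {
    set -- $(split_java_version "$1")
    family=$1; update=$2
    case "$family" in
        7)  min=221 ;;
        8)  min=211 ;;
        11) min=3 ;;
        12) min=1 ;;
        *)  return 2 ;;
    esac
    case "$update" in ''|*[!0-9]*) return 2 ;; esac
    [ "$update" -ge "$min" ]
}

# Assumed location of the gateway's bundled JVM; override with JAVA_BIN.
JAVA_BIN=${JAVA_BIN:-/opt/SecureSpan/JDK/bin/java}
if [ -x "$JAVA_BIN" ]; then
    ver=$(extract_java_version "$("$JAVA_BIN" -version 2>&1)")
    if meets_apr2019_cpu "$ver"; then
        echo "OK: $JAVA_BIN is $ver"
    else
        echo "CHECK: $JAVA_BIN is $ver"
    fi
fi
```

A `CHECK` result covers both an outdated update level and a Java family the scan output does not name, so the reported version should be reviewed by hand in that case.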