Question:
We're runnning CA Single Sign-On 12.7 and we'd like to know if this Oracle
Vulnerability reports apply to it.
Credit Statement
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Answer:
CA Single Sign-On does include only this Oracle software :
Third-Party Software Acknowledgments
Oracle
Oracle Java Runtime Environment (JRE) 1.8.0_72
Oracle JDK (Java Development Kit) 1.8.0_77
https://docops.ca.com/ca-single-sign-on/12-7/en/third-party-software-acknowledgments
which are related to the AdminUI.
Looking at the 12 reported problem with Java SE, I see none affecting
the JRE nor JDK 1.8.0_72 and 1.8.0_77.
CVE-2018-3183 java 8u181 and 11
CVE-2018-3209 java 8u182
CVE-2018-3169 java 7u191, 8u182 and 11
CVE-2018-3149 Java 6u201, 7u191, 8u182 and 11
CVE-2018-3211 java 8u181, 8u182 and 11
CVE-2018-3180 java 6u201, 7u191, 8u181, 8u182 and 11
CVE-2018-3214 java 6u201, 7u191, 8u181 and 8u182
CVE-2018-3157 java 11
CVE-2018-3150 java 11
CVE-2018-13785 java 6u201, 7u191, 8u181, 8u182 and 11
CVE-2018-3136 java 6u201, 7u191, 8u181, 8u182 and 11
CVE-2018-3139 java 6u201, 7u191, 8u181, 8u182 and 11
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixJAVA
KB : KB000121500