AutoSys Workload Automation

  • 1.  Autosys vulnerabilities

    Posted Sep 04, 2020 02:17 AM
    Hi

    IT security service found a list of vulnerabilities in the AutoSys application, for example:
    "PostgreSQL PassTheHash Protocol Design Weakness Detected"
    "Oracle Java SE Critical Patch Update - June 2013"
    "Sun Java Multiple Vulnerabilities" and many others.
    The components that need to be updated were installed with the application, and they are all in the SharedComponents directory. I am interested in updating the SharedComponents/JRE/1.5.0_11 and SharedComponents/pgsql components. Is it possible to update Postgres to a newer version and JRE 1.5 to 1.8?
    How can I do this, and will the application still work after that?


  • 2.  RE: Autosys vulnerabilities

    Posted Sep 10, 2020 11:48 AM
    Hello Bohdan,

    What version of AutoSys are you running?
    At a previous employer we were able to replace the embedded JRE with a link to a separate JRE 1.8 installation, running 11.3.6 SP6 or SP7.
    I cannot speak to the PostgreSQL.

    Regards,
    JoeP


  • 3.  RE: Autosys vulnerabilities
    Best Answer

    Posted Sep 10, 2020 01:05 PM
    I did the same last year. Removed the outdated java that was embedded with the applications and created a symlink to our OS installed java.

    I also just started the process to upgrade to r12.0 that finally has built-in support for configuring an OS/external JRE.

    I have yet to install r12 and at this point am unsure if the embedded OpenJDK is still installed with external configuration, which would again become a vulnerability as it ages and would also have to be removed.
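
A check for the concern raised in the replies above, as an added example that is not part of the original thread or of AutoSys: it lists every Java runtime under a product directory and reports whether it is a bundled copy or a symlink to a JRE installed elsewhere. The function name `audit_jres` is hypothetical, and the version is read from the `release` file that current OpenJDK builds ship (older runtimes such as 1.5 have none and show as `unknown`).

```shell
#!/bin/sh
# audit_jres ROOT
# Prints one line per Java runtime found under ROOT:
#   embedded <jre dir> version=<v>                 real files inside ROOT
#   external <jre dir> version=<v> -> <real dir>   symlink to a JRE outside ROOT
audit_jres() {
    root=$1
    real_root=$(cd "$root" && pwd -P)
    # -L follows symlinks, so a JRE directory replaced by a link is still found.
    find -L "$root" -type f -path '*/bin/java' 2>/dev/null | sort |
    while IFS= read -r java_bin; do
        jre_dir=$(dirname "$(dirname "$java_bin")")
        real_dir=$(cd "$jre_dir" && pwd -P)   # physical location after links
        ver=unknown
        if [ -r "$jre_dir/release" ]; then
            v=$(sed -n 's/^JAVA_VERSION="\(.*\)"$/\1/p' "$jre_dir/release")
            [ -n "$v" ] && ver=$v
        fi
        case "$real_dir/" in
            "$real_root"/*) echo "embedded $jre_dir version=$ver" ;;
            *)              echo "external $jre_dir version=$ver -> $real_dir" ;;
        esac
    done
}

# Stand-alone use: pass the directory to audit, e.g. the SharedComponents path.
if [ "$#" -gt 0 ]; then
    audit_jres "$1"
fi
```

Any line starting with `embedded` is a runtime that the OS package manager will not patch and that needs its own update or removal plan.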