Admin UI Runtime Java vulnerabilities

book

Article ID: 126440

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction



Single Sign-On (FKA Siteminder) Admin UI 12.8 comes shipped with 1.8.0_144 runtime Java. Security scans say I need at least java 1.8 update 191 or above to mitigate the vulnerabilities.  What version of Admin ui comes with runtime Java 1.8 update 191 or above?

Environment

Windows and Linux
Admin ui 12.8 and 12.8 SP1

Resolution

Both Admin UI 12.8 and 12.8 SP1 use runtime java version 1.8.0-144.

Admin UI Release 12.8 SP2 contains runtime java 1.8 update 202.

[[email protected]]# cat /opt/ca/siteminder/adminui/install_config_info/*ver* 
ProductName=CA Single Sign-On Administrative Console
FullVersion=12.80.200.1992

[[email protected]]# pwd 
/opt/ca/siteminder/adminui/runtime/bin 
[[email protected]]# ./java -version 
java version "1.8.0_202" 
Java(TM) SE Runtime Environment (build 1.8.0_202-b08) 
Java HotSpot(TM) 64-Bit Server VM (build 25.202-b08, mixed mode)

Additional Information

For more information about 12.8 SP2, please see the release notes link below:
https://docops.ca.com/ca-single-sign-on/12-8/en/release-notes/service-packs