Admin UI Runtime Java vulnerabilities

Article Id: 126440

Status: Published

Updated On: 08-02-2019 14:08

Products:

CA Single Sign On Secure Proxy Server (SiteMinder) , AXIOMATICS POLICY SERVER , CA Single Sign On SOA Security Manager (SiteMinder) , CA Single Sign-On , CA Single Sign-On

Issue/Introduction:

Single Sign-On (FKA Siteminder) Admin UI 12.8 comes shipped with 1.8.0_144 runtime Java. Security scans say I need at least java 1.8 update 191 or above to mitigate the vulnerabilities. What version of Admin ui comes with runtime Java 1.8 update 191 or above?

Environment:

Windows and Linux
Admin ui 12.8 and 12.8 SP1

Resolution:

Both Admin UI 12.8 and 12.8 SP1 use runtime java version 1.8.0-144.

Admin UI Release 12.8 SP2 contains runtime java 1.8 update 202.

[[email protected]]# cat /opt/ca/siteminder/adminui/install_config_info/*ver*
ProductName=CA Single Sign-On Administrative Console
FullVersion=12.80.200.1992

[[email protected]]# pwd
/opt/ca/siteminder/adminui/runtime/bin
[[email protected]]# ./java -version
java version "1.8.0_202"
Java(TM) SE Runtime Environment (build 1.8.0_202-b08)
Java HotSpot(TM) 64-Bit Server VM (build 25.202-b08, mixed mode)

Additional Information:

For more information about 12.8 SP2, please see the release notes link below:
https://docops.ca.com/ca-single-sign-on/12-8/en/release-notes/service-packs