CA APM 10.7.0.197 service pack 3 has Oracle Java version 1.8.0_2 1 1 high security vulnerability

book

Article ID: 132318

calendar_today

Updated On:

Products

CA Application Performance Management Agent (APM / Wily / Introscope) INTROSCOPE

Issue/Introduction

CA APM 10.7.0.197 service pack 3 has Oracle Java version 1.8.0_2 1 1 high security vulnerability

Cause

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the host is prior to 7 Update 221, 8 Update 211, 11 Update 3, or 12 Update 1.
Consequently, it is affected by multiple vulnerabilities related to the following components :

- 2D
- Libraries
- RMI
- Windows DLL

Environment

DX APM 10.7 SP3
Oracle JDK 1.8.2._211
 

Resolution

User can change the JRE location in lax files:-

Introscope_Enterprise_Manager.lax
and
Introscope_WebView.lax.

Customers can install vulnerability mitigated JRE and point the path to the below property.

lax.nl.current.vm=jre\\bin\\java.exe