Oracle Java SE Multiple Vulnerabilities (SLOTH) with XCOM Linux 11.6 SP00

Article ID: 138258


Products

XCOM Data Transport, XCOM Data Transport - Linux PC

Issue/Introduction

Based on our recent vulnerability assessment, the security team found 1 critical item, as per below, which requires urgent attention.

They recommend that we upgrade Java to as high/recent a version as possible.

Current JRE installed for XCOM : /opt/CA/SharedComponents/JRE/1.8.0.45_ALL

Please advise on how to point the XCOM config to the new upgraded Java.

88046 - Oracle Java SE Multiple Vulnerabilities (January 2016 CPU) (SLOTH) (Unix)

Description : The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 71, 7 Update 95, or 6 Update 111. It is, therefore, affected by security vulnerabilities in the following components :
- 2D
- AWT
- JAXP
- JMX
- Libraries
- Networking
- Security

Solution: Upgrade to Oracle JDK / JRE 8 Update 71, 7 Update 95, 6 Update 111, or later. If necessary, remove any affected versions.

Environment

XCOM™ Data Transport® for Linux PC 11.6 SP00 version 13081 (GA Release)

Cause

The installation uses XCOM 11.6 SP00 version 13081 (GA release), which distributes Java 1.8 u45.

Resolution

Both XCOM 11.6 SP01 and 12.0 install Oracle "JRE 8 Upgrade 77", so either will resolve the vulnerability.

To access the install media, log in to the Broadcom Support Portal.

Select "XCOM Data Transport - for Linux (PC) Linux All".

Download and install 11.6 SP01 or 12.0.

By default, XCOM 11.6 SP01 and XCOM 12.0 install JRE 1.8 u77 under XCOM_HOME, in the directory /opt/CA/XCOM/JRE/1.8.0_77

The file xcom.glb has the corresponding parameter XCOM_JVM set accordingly:

CA XCOM DATA TRANSPORT FOR UNIX/LINUX 11.6.1 > XCOM_JVM

CA XCOM DATA TRANSPORT FOR UNIX/LINUX 12.0 > XCOM.JVM
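To confirm whether a given JRE directory is below the fixed levels named in plugin 88046's Solution line, the following script (an added example, not Broadcom's or XCOM's own tooling) parses the update level from a version string or a JRE path such as the two in this article. The function names are hypothetical, and it reads the version only from the path text; it does not inspect the installed binaries.

```shell
#!/bin/sh
# Added example: classify a Java 6/7/8 JRE against the fixed update levels
# in the plugin text (8u71, 7u95, 6u111). Function names are hypothetical.

# Print "<major> <update>" for inputs like 1.8.0_77, 1.8.0.45_ALL, or a path
# that has such a name as one of its directory components.
parse_java_version() {
    printf '%s\n' "$1" | sed -n -E \
        -e 's#^(.*/)?1\.([678])\.0[._]([0-9]+)[^/]*(/.*)?$#\2 \3#p' \
        -e 's#^(.*/)?1\.([678])\.0(/.*)?$#\2 0#p'
}

# Minimum fixed update per major version, from the plugin's Solution line.
fixed_update() {
    case $1 in
        8) echo 71 ;;
        7) echo 95 ;;
        6) echo 111 ;;
        *) return 1 ;;
    esac
}

# Print AFFECTED, OK or UNKNOWN for a version string or JRE path.
check_jre() {
    parsed=$(parse_java_version "$1")
    [ -n "$parsed" ] || { echo UNKNOWN; return 0; }
    major=${parsed% *}
    update=${parsed#* }
    min=$(fixed_update "$major") || { echo UNKNOWN; return 0; }
    if [ "$update" -lt "$min" ]; then
        echo AFFECTED
    else
        echo OK
    fi
}

# Sample input: the two JRE directories named in this article. Only the
# path text is parsed, so the directories do not need to exist.
for jre in /opt/CA/SharedComponents/JRE/1.8.0.45_ALL /opt/CA/XCOM/JRE/1.8.0_77; do
    printf '%-8s %s\n' "$(check_jre "$jre")" "$jre"
done
```

Versions outside Java 6, 7 and 8 are reported as UNKNOWN because the plugin text gives no fixed level for them.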

 
