How to solve security issues of the embedded JRE used for the Web Agent Installer and other Siteminder component installers such as CA Access Gateway (SPS), Web Agent Option Pack, Policy Server, and AdminUI.
Considering that :
At the first glance, as the JRE is used only to run the installer and uninstaller, and as the JRE is not running as a Service, there should be no running vulnerabilities on the system.
The Web Agent itself doesn't use Java (it's written and compiled in C++).
The JVM you see from the installer is given by a third party vendor, and as such Broadcom has very little control on the Java version delievered with.
The only way to avoid the scanning of the file system reporting that the installer JVM is vulnerable is:
- Tarball the following repositories, and archive them:
This won't harm the work of the Siteminder component.
When planning to uninstall the Web Agent, replace this version of Java, and perform the uninstall. If an upgrade is performed instead, there will not be any issues, since the new Agent install will use its own version of JAVA to perform the upgrade.