The following JRE path is installed as part of the shared components install: $CASHCOMP/JRE/1.5.0_11.
This is being flagged as a vulnerability by the customer’s scans, and they need to either update or remove it.
Is this JRE required?
This JRE component is not required to run CCI
To determine if only CCI, from the CA Common Services is running, you can execute the 'ustat' or 'unifstat' command
Output of unifstat:
CA Services Status Report
Component Name Pid Status
------------------------------------ ------- --------------
CA-CCI Server 12197 running
CA-CCI Remote Server 12200 running
CA-CCI Clean Up 12198 running
CA-CCI Legacy Proxy 12199 running
WAAE Web Server (BOX) 10848 running
WAAE Application Server (BOX) 10186 running
WAAE Scheduler (BOX) 10502 running
WAAE Agent (WA_AGENT) 10019 running
In this above output we can see that only the CA-CCI component is running
This component does not need any JRE
You can delete or rename this JRE directory:
$CASHCOMP/JRE/1.5.0_11
If the "ustat" or "unifstat" command display other common components, please open a case at CA support.