The Oracle Critical Patch Update Advisory - April 2017, available at the link below:
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixJAVA
details several issues with the JVM. We need to know whether APM Command Centre could be affected by any of the problems described.
None of the 8 vulnerabilities reported in that bulletin is relevant to ACC, for the following reasons:
- ACC does not use AWT, and it does not run untrusted code in the JVM sandbox.
- ACC generally does not accept XML content types on its APIs; only JSON is accepted, though it sometimes processes local XML files using JAXP. The likelihood of denial of service is low.
- ACC does not send emails.
- ACC does not use jar signing to perform security functions.
- ACC does not fetch user-specified links, and its XML parsers are rarely exercised (XML is rarely used in ACC).