When scanning the CA API Gateway OVA Appliance with Rapid 7 Security scanner you may get results such as:
Java CPU MONTH YEAR Java SE, Java SE Embedded vulnerability (CVE-YEAR-###)
This indicates that the Rapid 7 scanner (or potentially other security scanners has found a security vulnerability with the version of Java SE installed)
The cause of this is due to the version of Java that is embedded with the Gateway Appliance OVA environment which may be older than the latest version which addresses vulnerabilities seen with Security Scanners such as Rapid 7.
Release : 9.x and 10.x
Component : API GATEWAY
Java (OpenJDK) that comes with the Gateway Appliance is updated in two ways:
Please be aware that manually upgrading Java outside of the Cumulative Release Patches or Product Version Upgrades is not supported as the Gateway Appliance is tested with specific versions of Java for quality assurance purposes.
OpenJDK Version History