Running a vulnerability scan and found CA WA Agent 11.5 in vulnerability report.
Are these valid or false alarms?
Release : 11.5
Component : CA Workload Automation System Agent
Every java release has some form of vulnerability. There is no such thing as a non-vulnerable release of the agent. New vulnerabilities are discovered pretty much on a daily basis.
The customer can upgrade Java as Broadcom no longer ships Oracle java due to licensing. Due to Oracle licensing, customers will need to either purchase updated JRE from Oracle or use the Adopt OpenJDK JRE. Customers must stay within the 1.8 release of Java.