CA Workload Automation ESP agent 11.5 Vulnerability

book

Article ID: 197776

calendar_today

Updated On:

Products

CA Workload Automation Agents CA Workload Automation Agent

Issue/Introduction

Running a vulnerability scan and found CA WA ESP Agent 11.5 in vulnerability report.

Are these valid or false alarms? 

 

 

Environment

Release : 11.5

Component : CA Workload Automation System Agent

Resolution

Every java release has some form of vulnerability. There is no such thing as a non-vulnerable release of the agent. New vulnerabilities are discovered pretty much on a daily basis.

The customer can upgrade Java as Broadcom no longer ships Oracle java due to licensing. Due to Oracle licensing, customers will need to either purchase updated JRE from Oracle or use the Adopt OpenJDK JRE. Customers must stay within the 1.8 release of Java.

This is not a defect.