We are seeing the following Java vulnerability reported on our Datamaker servers. We show the following components:
However, one of the servers shows to have AdoptOpenJDK 1.8.0_212 installed, so that system could be running TDM 4.8+. Would upgrading to TDM 4.9.1 resolve the reported vulnerability?
CVE Numbers: CVE-2019-2894,CVE-2019-2933,CVE-2019-2945,CVE-2019-2949,CVE-2019-2958,CVE-2019-2962,CVE-2019-2964,CVE-2019-2973,CVE-2019-2975,CVE-2019-2977,CVE-2019-2978,CVE-2019-2981,CVE-2019-2983,CVE-2019-2987,CVE-2019-2988,CVE-2019-2989,CVE-2019-2992,CVE-2019-2996,CVE-2019-2999,CVE-2019-11068
Description: The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 241, 8 Update 231, 11 Update 5, or 13 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components :
Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution: Upgrade to Oracle JDK / JRE 13 Update 1, 11 Update 5, 8 Update 231 / 7 Update 241 or later. If necessary, remove any affected versions.
Component: CA Test Data Manager