AdminUI Java Vulnerabilities

book

Article ID: 205813

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

Plugin Output:

The following vulnerable instances of Java are installed on the

remote host :

 Path              : D:\WAMUI\SiteMinder\adminui\runtime\bin\java.exe

  Path              : D:\WAMUI\SiteMinder\adminui\runtime\jre\bin\java.exe

  Installed version : 1.8.0_144

  Fixed version     : 1.7.0_241 / 1.8.0_231 / 1.11.0_5 / 1.13.0_1

 

Is it possible to get a patch for the AdminUI?

 

Current Version of AdminUI:

ProductName=CA Single Sign-On Administrative Console
FullVersion=12.80.100.1775
Location=D:\WAMUI\SiteMinder\adminui

 

Environment

Release : 12.8.03

Component : SITEMINDER - AdminUI

Resolution

Instructions provided for upgrading the AdminUI Java:

-Download the latest release of AdpoptOpenJDK 8.
https://adoptopenjdk.net/
(currently jdk8u275-b01)
-Stop the AdminUI process
-Backup and or tar runtime CA/siteminder/adminui/runtime
-Overwrite the current release of Java in 'runtime' with what was downloaded from AdpoptOpenJDK jdk8u275-b01

Additional Information

Please note that it is only valid to upgrade within the same major release of Java.  In this instance, the 12.8.x AdminUI uses Java 1.8x, so this particular AdminUI can be upgraded to any newer 1.8 release of Java.