APM EM and Webview systems are reporting Java vulnerability

book

Article ID: 206417

calendar_today

Updated On:

Products

DX Application Performance Management

Issue/Introduction

We have EM and WV processes now running with OpenJDK JVM, but the APM systems are listed with Java vulnerability.

We think this could be because the previous JVM (non-OpenJDK) image remains installed. 

The report is showing /opt/Introscope10.7.0.45/jre/lib/rt.jar as Java vulnerability.

The path to the OpenJDK rt.jar file that the EM and WV are using is:

/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.272.b10-1.el7_9.x86_64/jre/lib/rt.jar

To address the Java JVM vulnerability, can we remove the previous JVM (non-OpenJDK) from the APM systems?

Environment

Release : 10.7.0

Component : APMISP

Resolution

Yes, you can remove the /opt/Introscope10.7.0.45/jre/lib/rt.jar file as it is not being used by EM and WV.

stop WV and EM.
start EM and WV.

If both EM and WV starts good than run the security scan and see if it resolves the vulnerability issue.