We have EM and WV processes now running with OpenJDK JVM, but the APM systems are listed with Java vulnerability.
We think this could be because the previous JVM (non-OpenJDK) image remains installed.
The report is showing /opt/Introscope10.7.0.45/jre/lib/rt.jar as Java vulnerability.
The path to the OpenJDK rt.jar file that the EM and WV are using is:
To address the Java JVM vulnerability, can we remove the previous JVM (non-OpenJDK) from the APM systems?
Release : 10.7.0
Component : APMISP
Yes, you can remove the /opt/Introscope10.7.0.45/jre/lib/rt.jar file as it is not being used by EM and WV.
stop WV and EM.
start EM and WV.
If both EM and WV starts good than run the security scan and see if it resolves the vulnerability issue.