EEM Java Vulnerability

Article ID: 208253

Products

CA Workload Automation AE

Issue/Introduction

As part of vulnerability scanning, an older version of Java was found in the installation of EEM. Is there a patch to bring this up to a newer version? The executable was found in:

C:\Program Files (x86)\CA\SC\EmbeddedEntitlementsManager\jre\bin\java.exe

 

Environment

Release : 11.3.6

Component : CA Workload Automation AE (AutoSys)

Resolution

EEM 12.6.05 comes with two Java folders: jre (1.6, 32-bit) and jre18 (1.8, 64-bit).
The 1.6 32-bit one is used if EEM is configured to use SAML or SSO and if you use eiam-clustersetup.jar to configure EEM for multi-write.
The other folder, jre18, is used during normal operations.
As of EEM 12.6.2 (as shipped with AutoSys 12), the jre (32-bit) folder is removed and there is only the single jre18 (64-bit) folder.
Clients are free to update the Java within the jre18 directory if needed, as long as they stay within the same major version and bit level.

Regarding the jre directory, I found other support cases indicating clients can upgrade Java in the jre directory (1.6 32bit) to 1.8 32bit as well.
I personally never performed that specific update to confirm that.
I recommend, if you attempt to upgrade the Java(s) in place, that you take backups of the folders/system before making changes, in the event you come across some new unknown incompatibility or issue.
That allows you the flexibility to revert back to a working configuration quickly if needed.
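
The following PowerShell script is an added example, not part of the original article or of the product. It checks that a replacement JRE has the same major version and bit level as the folder it would replace, then takes the backup recommended above. The location of jre18 next to the jre folder, the staging path and the backup path are assumptions.

```powershell
# Added example: pre-flight check and backup before an in-place JRE update.
# Everything except the EEM root path (taken from the article) is an assumption.
param(
    [string]$EemRoot   = 'C:\Program Files (x86)\CA\SC\EmbeddedEntitlementsManager',
    [string]$Folder    = 'jre18',               # assumed to sit beside the jre folder
    [string]$Candidate = 'C:\Staging\new-jre',  # hypothetical unpacked replacement JRE
    [string]$BackupDir = 'C:\Backup\EEM'        # hypothetical backup location
)
$ErrorActionPreference = 'Stop'

function Get-JavaInfo([string]$JreHome) {
    $exe = Join-Path $JreHome 'bin\java.exe'
    if (-not (Test-Path -LiteralPath $exe)) { throw "java.exe not found under $JreHome" }

    # "java -version" writes to stderr, so capture that stream explicitly.
    $psi = New-Object System.Diagnostics.ProcessStartInfo($exe, '-version')
    $psi.UseShellExecute = $false
    $psi.RedirectStandardError = $true
    $proc = [System.Diagnostics.Process]::Start($psi)
    $text = $proc.StandardError.ReadToEnd(); $proc.WaitForExit()
    $m = [regex]::Match($text, 'version "((\d+)(?:\.(\d+))?[^"]*)"')
    if (-not $m.Success) { throw "Cannot parse version output of ${exe}: $text" }
    $first = [int]$m.Groups[2].Value
    # Legacy numbering: "1.6.0_x" is Java 6, "1.8.0_x" is Java 8.
    $major = if ($first -eq 1 -and $m.Groups[3].Success) { [int]$m.Groups[3].Value } else { $first }

    # Bit level from the PE header: e_lfanew at 0x3C, Machine field 4 bytes after "PE\0\0".
    $bytes   = [System.IO.File]::ReadAllBytes($exe)
    $machine = [BitConverter]::ToUInt16($bytes, [BitConverter]::ToInt32($bytes, 0x3C) + 4)
    $bits    = switch ($machine) { 0x014c { 32 } 0x8664 { 64 } default { throw "Unknown PE machine $machine" } }

    [pscustomobject]@{ JreHome = $JreHome; Version = $m.Groups[1].Value; Major = $major; Bits = $bits }
}

$target  = Join-Path $EemRoot $Folder
$current = Get-JavaInfo $target
$new     = Get-JavaInfo $Candidate
$current, $new | Format-Table JreHome, Version, Major, Bits -AutoSize | Out-String | Write-Host

if ($new.Major -ne $current.Major -or $new.Bits -ne $current.Bits) {
    throw "Candidate is Java $($new.Major) $($new.Bits)-bit but $Folder is Java $($current.Major) $($current.Bits)-bit; not replacing."
}

# Back up the existing folder under a timestamped name so it can be restored quickly.
$dest = Join-Path $BackupDir ('{0}-{1}' -f $Folder, (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
Copy-Item -LiteralPath $target -Destination $dest -Recurse
Write-Host "Backed up $target to $dest"
```

The script stops after the backup; replacing the folder contents is left as a manual step.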