As part of vulnerability scanning, an older version of Java was found in the installation of EEM. Is there a patch to bring this up to a newer version? The executable was found in:

C:\Program Files (x86)\CA\SC\EmbeddedEntitlementsManager\jre\bin\java.exe

Release : 11.3.6

Component : CA Workload Automation AE (AutoSys)

EEM 12.6.05 comes with a jre (1.6 32bit) and jre18 (1.8 64bit) folder. 
The 1.6 32bit one is used if EEM is configured to use SAML or SSO and if you use eiam-clustersetup.jar to configure EEM for multi-write. 
The other folder, jre18 is used during normal operations. 

As of EEM 12.6.2. (as shipped with AutoSys 12) the jre (32bit) folder is removed and there is only the single jre18 (64bit) folder. 
Client are free to update the java within the jre18 directory if needed as long as they stay within the same major version and bit levels.  

Regarding the JRE directory, it is possible to upgrade java in the jre directory (1.6 32bit) to 1.8 32bit as well.  Recommendation is to backup existing folders before attempting this so one can revert back if there is a problem