SiteMinder installer packaged JRE security vulnerability


Article ID: 208733


Products

SITEMINDER

Issue/Introduction

The security team at our organization ran security scans on all of our servers. The scans flagged the JRE installation, which appears to be part of our SiteMinder installation, at path:

/<InstallDir>/CA/siteminder/install_config_info/install_config_jre/bin/java 1.8.0_162-b12

I am looking for more information on this, to see if it is really needed at all and if there would be any impact if we delete these.


Cause

This version of Java is laid down by the Install program, and is only used for the Install/Uninstall of the Policy Server.

Environment

Release: 12.8.0x

Component: SITEMINDER - Policy Server

Resolution

The version of Java that the Install program places in '/<InstallDir>/CA/siteminder/install_config_info/install_config_jre/bin/' is used only for the install and uninstall of the Policy Server. It can be zipped up to prevent the scan from alerting, or the Java may be removed if you plan to upgrade in the future. The upgrade will use the Java shipped with the upgrade package. To uninstall the Policy Server, the Java would need to be replaced prior to attempting the install.
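One way to carry out the archive-and-restore approach described above, as an added example that is not part of the original article or the product's own tooling. It uses tar with gzip rather than zip so the execute bit on bin/java survives a restore; the function names are hypothetical and the JRE directory is passed in by the caller because <InstallDir> is site specific.

```shell
#!/bin/sh
# Added example: park the installer-only JRE in an archive so file-based
# scanners no longer find bin/java, and put it back before an uninstall.
# Assumption: $1 is the install_config_jre directory for your site.

# archive_jre JRE_DIR -> creates JRE_DIR.tar.gz, verifies it, removes JRE_DIR
archive_jre() {
    jre_dir=${1%/}
    [ -n "$jre_dir" ] || { echo "usage: archive_jre JRE_DIR" >&2; return 1; }
    archive="$jre_dir.tar.gz"
    [ -x "$jre_dir/bin/java" ] || { echo "no bin/java under $jre_dir" >&2; return 1; }
    [ ! -e "$archive" ] || { echo "$archive already exists" >&2; return 1; }
    parent=$(dirname "$jre_dir")
    name=$(basename "$jre_dir")
    # -p records permission bits so bin/java is still executable after restore
    tar -C "$parent" -czpf "$archive" "$name" || return 1
    # Delete the tree only once the archive lists cleanly and holds bin/java
    if ! tar -tzf "$archive" | grep -qx "$name/bin/java"; then
        rm -f "$archive"
        echo "archive verification failed, JRE left in place" >&2
        return 1
    fi
    chmod 600 "$archive"
    rm -rf "$jre_dir"
}

# restore_jre JRE_DIR -> unpacks JRE_DIR.tar.gz next to itself (run before uninstall)
restore_jre() {
    jre_dir=${1%/}
    [ -n "$jre_dir" ] || { echo "usage: restore_jre JRE_DIR" >&2; return 1; }
    archive="$jre_dir.tar.gz"
    [ -f "$archive" ] || { echo "missing $archive" >&2; return 1; }
    [ ! -e "$jre_dir" ] || { echo "$jre_dir already present" >&2; return 1; }
    tar -C "$(dirname "$jre_dir")" -xzpf "$archive" || return 1
    [ -x "$jre_dir/bin/java" ] || { echo "restore incomplete" >&2; return 1; }
}
```

Run restore_jre with the same directory argument before starting the Policy Server uninstall.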