SiteMinder installer packaged JRE security vulnerability


Article ID: 208733


Updated On:




The security team at our organization ran security scans on all of our servers. The scans flagged the JRE installation which appears to be part of our SiteMinder  installation at Path :

/<InstallDir>/CA/siteminder/install_config_info/install_config_jre/bin/java 1.8.0_162-b12

I am looking for more information on this see if it is really needed at all and if there would be any impact if we delete these.



This version of Java is laid down by the Install program, and is only used for the Install/Uninstall of the Policy Server.


Release : 12.8.0x

Component : SITEMINDER -Policy Server


The version of Java installed by the Install program in the '/<InstallDir>/CA/siteminder/install_config_info/install_config_jre/bin/' is only used for the install and uninstall of the Policy Server , and can be zipped up to prevent the scan from alerting, or the java may be removed if you plan to upgrade in the future. The Upgrade will use the Java shipped with the upgrade package. To uninstall the Policy Server, the Java would need to be replace prior to attempting the install.