JAVA support for SM and admin GUI components

book

Article ID: 209251

calendar_today

Updated On:

Products

CA Single Sign On Federation (SiteMinder)

Issue/Introduction

 

Having installed the Policy Server and AdminUI 12.8SP2, an internal
Security Scan have detected the following JVM installation
vulnerable :

For Siteminder Policy Server :

Path              : /opt/CA/siteminder/install_config_info/install_config_jre/
  Installed version : 1.8.0_131
  Fixed version     : 1.7.0_221 / 1.8.0_211 / 1.11.0_3 / 1.12.0_1

The JVM should be upgraded to 1.8.0_211.

For AdminUI vulnerability detected is below :

  Path              : /opt/CA/siteminder/adminui/install_config_info/install_config_jre/
  Installed version : 1.8.0_51
  Fixed version     : 1.7.0_221 / 1.8.0_211 / 1.11.0_3 / 1.12.0_1

The JVM should be upgraded to 1.8.0_211 too.

One might like to know how to upgrade those version to 8.0_211 version
of Java to remediate the vulnerabilities.

 

Resolution

 

At first glance, those jvm installations are only used for
installation phase of the product and they aren't in usage
further as reported already for the Web Agent (1).

So the solution to avoid the scanning of the file system telling you
that the installer JVM is vulnerable is :

  - Tarball the following repositories, and archive
    them :

     ca-wa-uninstall/
     install_config_jre/

This won't harm the work of the Web Agent. 

 

Additional Information

(1)

  Security Vulnerability with JRE version in SiteMinder WebAgents
  https://knowledge.broadcom.com/external/article?articleId=141969