
Vulnerability in Java JVM from install_config_jre folder in AdminUI


Article ID: 209251


Products

CA Single Sign On Federation (SiteMinder) SITEMINDER

Issue/Introduction

 

After installing the Policy Server and AdminUI 12.8SP2, an internal
security scan reported the following JVM installations as vulnerable:

For the SiteMinder Policy Server:

  Path              : /opt/CA/siteminder/install_config_info/install_config_jre/

    Installed version : 1.8.0_131
    Fixed version     : 1.7.0_221 / 1.8.0_211 / 1.11.0_3 / 1.12.0_1

  The JVM should be upgraded to 1.8.0_211.

For the AdminUI, the detected vulnerability is:

  Path              : /opt/CA/siteminder/adminui/install_config_info/install_config_jre/

    Installed version : 1.8.0_51
    Fixed version     : 1.7.0_221 / 1.8.0_211 / 1.11.0_3 / 1.12.0_1

  The JVM should be upgraded to 1.8.0_211 too.

How can these JVMs be upgraded to the 8.0_211 version of Java to
remediate the vulnerabilities?

 

Resolution

 

At first glance, those JVM installations are used only during the
installation phase of the product and are not used afterwards, as
also reported for the Web Agent (1).

So, to stop the file system scan from reporting the installer JVM as
vulnerable:

  - Create a tarball of the following directories and archive
    them:

     ca-wa-uninstall/
     install_config_jre/

This has no impact on AdminUI functionality.
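
An added example, not part of the original article or the product's own tooling: a shell function that performs the archive step above, first checking through Linux /proc that no running process executes a binary from the directory, then verifying the tarball before removing the original. The function names and the archive destination are assumptions; the destination should sit outside the paths the scanner inspects.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not vendor code).
# Usage: archive_installer_dir <parent_dir> <dir_name> <archive_dir>
#   e.g. archive_installer_dir \
#          /opt/CA/siteminder/adminui/install_config_info install_config_jre \
#          /path/to/archive      # placeholder destination
# Repeat for ca-wa-uninstall with its own parent directory.

# Return 0 if any running process executes a binary located under $1.
jre_in_use() {
    target=$(cd "$1" && pwd -P) || return 1
    for exe in /proc/[0-9]*/exe; do
        path=$(readlink "$exe" 2>/dev/null) || continue
        case "$path" in
            "$target"/*) return 0 ;;
        esac
    done
    return 1
}

# Tar the directory, verify the tarball, then remove the original.
# Prints the tarball path on success; returns 2 if the directory is absent,
# 3 if a running process still uses it.
archive_installer_dir() {
    parent=$1; name=$2; dest=$3
    src="$parent/$name"
    [ -d "$src" ] || { echo "skip: $src not found" >&2; return 2; }
    if jre_in_use "$src"; then
        echo "abort: a running process uses $src" >&2
        return 3
    fi
    mkdir -p "$dest" || return 1
    tarball="$dest/$name-$(date +%Y%m%d%H%M%S).tar.gz"
    # -C keeps member paths relative, so the tarball restores into $parent.
    tar -czf "$tarball" -C "$parent" "$name" || return 1
    # Confirm the archive is readable before deleting anything.
    tar -tzf "$tarball" >/dev/null || { rm -f "$tarball"; return 1; }
    rm -rf "$src"
    echo "$tarball"
}
```

To restore a directory, extract the tarball back into its parent with `tar -xzf <tarball> -C <parent_dir>`.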

 

Additional Information

 

(1)

    Java vulnerability in Siteminder install_config_jre Web Agent and other component