Java vulnerabilities in Spectrum and using WebTomcat exclusively

book

Article ID: 211033

calendar_today

Updated On:

Products

CA Spectrum

Issue/Introduction

I need assistance from CA support to understand what I need to do for these vulnerabilities found in our most recent scan. These are hitting Java installation on the server.

Does Java JRE need to be installed in order for OneClick to run? 

Cause

Vulnerabilities in Java JRE

Environment

Release : 20.2

Component : Spectrum Core / SpectroSERVER

Resolution

OneClick as a Java applet does need Java JRE to run. However, OneClick WebTomcat does not require Java JRE as it is web-based and as such, if WebTomcat is to be used exclusively on that workstation, then Java JRE can be uninstalled so it will not be affected by the vulnerability scan.