[Vulnerability] OpenJDK Upgrade for UIM
search cancel

[Vulnerability] OpenJDK Upgrade for UIM

book

Article ID: 219556

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

When will the version of OpenJDK in Nimsoft be upgraded to OpenJDK 8u292 (1.8.0_292-b10)?  We currently are being hit with vulnerabilities from Nessus.

 

CVE-2021-2161,CVE-2021-2163

Environment

Release : 20.3

Component : UIM - INSTALL

Cause

We follow a quarterly cadence to update the probe with the latest jre release from Adopt OpenJDK. Irrespective of whether vulnerabilities are reported or not, we continue updating the probe with the latest patch. There are vulnerabilities reported on the previous jre version 8u282 which are addressed in update 292b10.
OpenJDK Vulnerability Advisory: 2021/04/20
https://openjdk.java.net/groups/vulnerability/advisories/2021-04-20

Resolution

Java_jre 2.07 was released 14 July 2021 and contains Java 1.8.292b10.

Powered by Wolken Software