Security Vulnerability identified in JRE of VS Catalog 10.6
search cancel

Security Vulnerability identified in JRE of VS Catalog 10.6


Article ID: 220157


Updated On:


Service Virtualization


I have three different Oracle security patches that need to be applied to VS Catalog JRE.  The JRE in DevTest and IAM installs seems to be okay but our vulnerability software keeps alerting on the JRE in VS Catalog.  Need to know what to do to patch the version VS Catalog:


Java Runtime Environment (JRE) is a platform that supports the execution of programs that are developed using the Java programming language. The JRE platform also supports Java Applets, which can be loaded from Web pages.

JRE and JDK are exposed to multiple vulnerabilities that affect various components. Oracle's Java Critical Patch Update for October 2017 contains 22 new security fixes for Java SE products and sub-products.

Affected Versions:
Oracle Java JDK and JRE, versions prior to 6u171, 7u161, 8u151 and 9.0.1.

QID Detection Logic (Authenticated):
This QID checks for the file or product version of jvm.dll or wsdetect.dll.

Remediation notes

The vendor released updates (Java SE JDK and JRE 8 Update 151 or later, Java SE JDK and JRE 7 Update 161, Java SE JDK and JRE 6 Update 171) to resolve these issues.

Refer to vendor advisory Oracle Java SE CPU October 2017 and Oracle Doc ID 2305932.1 to obtain more details.

Updates for Java 5, Java 6 and Java 7 are no longer available to the public. Oracle offers updates to Java 5, Java 6 and Java 7 only for customers who have purchased Java support or have Oracle products that require Java 5, Java 6 and Java 7.


Release : 10.6

Component : CA Service Virtualization


We have built the VSCatalog code with OpenJDK 8, but we missed the part where we ship the JRE bundle also of OpenJDK due to VSC's very less dependency on JRE.

There will be no impact on the functionality whatsoever with the shipped Oracle JRE.


Please open a ticket with support.  We will provide the Jre bundle for windows and Linux.  Reference DE490067 when opening a ticket.