Vulnerability: older Java version (1.7) in Connector Server installed packages, both Linux and Windows standalone


Article ID: 221062


Products

CA Identity Suite

Issue/Introduction

 

A security scan flags the current 14.3 Connector Server as containing a JVM 1.7 vulnerability. How can this vulnerability be addressed?

 

 

Cause

This occurs because the installer/uninstaller is bundled with JVM 1.7.

Environment

Release : 14.3

Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)

Resolution

The installer version used for JCS has a dependency on Java 1.7. We cannot remove this dependency (Java 1.7) unless the installer is upgraded. The installer upgrade is not straightforward because we support multiple platforms. The upgrade of the installer may be considered in future releases of IGA.

Java 1.7 is required only by the installer (when uninstalling). The JCS runtime can use any of the latest Java versions chosen while installing the product. The only short-term workaround is to back up the Java 1.7 folder and remove it to avoid the vulnerability, then restore it when JCS needs to be uninstalled.
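
The workaround above, sketched as a script for the Linux case. This is an added example, not vendor tooling: the function names and archive name are assumptions, and because this article does not state where the bundled Java 1.7 folder lives, its path is passed in explicitly.

```shell
#!/bin/sh
# Added example: back up and remove the installer's bundled Java 1.7 folder,
# then restore it before an uninstall. Both directories are operator-supplied;
# no product path is assumed here.

# jre_backup_and_remove <jre_dir> <backup_dir>
jre_backup_and_remove() {
    jre_dir=$1; backup_dir=$2
    [ -d "$jre_dir" ] || { echo "not a directory: $jre_dir" >&2; return 1; }
    mkdir -p "$backup_dir" || return 1
    archive="$backup_dir/jre17-backup.tar.gz"
    parent=$(dirname "$jre_dir"); name=$(basename "$jre_dir")
    # Archive relative to the parent so restore recreates the same folder name.
    tar -czf "$archive" -C "$parent" "$name" || return 1
    # Delete nothing unless the archive reads back cleanly and holds as many
    # entries as the source tree.
    want=$(find "$jre_dir" | wc -l)
    got=$(tar -tzf "$archive" | wc -l)
    [ "$want" -eq "$got" ] || { echo "archive incomplete" >&2; return 1; }
    # Record a checksum so a later restore can detect a damaged backup.
    (cd "$backup_dir" && sha256sum jre17-backup.tar.gz > jre17-backup.tar.gz.sha256) || return 1
    rm -rf -- "$jre_dir"
}

# jre_restore <jre_dir> <backup_dir>
jre_restore() {
    jre_dir=$1; backup_dir=$2
    if [ -e "$jre_dir" ]; then
        echo "already present: $jre_dir" >&2; return 1
    fi
    (cd "$backup_dir" && sha256sum -c jre17-backup.tar.gz.sha256 >/dev/null 2>&1) || {
        echo "backup failed integrity check" >&2; return 1; }
    tar -xzf "$backup_dir/jre17-backup.tar.gz" -C "$(dirname "$jre_dir")"
}
```

Keep the backup directory outside the paths the vulnerability scanner inspects, and run `jre_restore` before starting the JCS uninstaller.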