Current 14.3 Connector Server contain JVM 1.7 vulnerability after security scan. How to address such vulnerability?
This is due to Installer/Uninstaller is bundled with JVM 1.7
Release : 14.3
Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)
The installer version that is being used for JCS has a dependency on JAVA 1.7. We cannot remove this dependency (Java 1.7) unless the installer is upgraded. The installer upgrade is not straight forward as we support multiple platforms. The upgrade of the installer may be considered in the future releases of IGA.
The JAVA 1.7 is only required for installer (while uninstalling). JCS run time can use any latest JAVA version that they choose while installing the product. The only short term workaround is to take the backup of JAVA 1.7 folder and remove it to avoid the vulnerability and restore it when JCS needs to be uninstalled.