ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Vulnerability on Adopt Open JDK for TDM DataMaker

book

Article ID: 237751

calendar_today

Updated On:

Products

CA Continuous Application Insight (PathFinder)

Issue/Introduction

We have received vulnerability on Adopt OpenJDK software(Java JRE: AdoptOpenJDK JRE 8). which was installed from GT server installation for 4.9 Data Maker.

  • Could you please let us know if we have resolution for this Vulnerability and have the latest version for Adopt Open JDK software?
  • Could you please let us know if we can un-install the Adopt open JDK software and this is will not cause any issues on existing product.

Here are below scan details:

Software Product: Adopt OpenJDK

CVE : CVE-2021-2161,CVE-2021-2163

Path: C:\Program Files\AdoptOpenJDK\jre-8.0.212.04-hotspot\bin\javaw.exe  Version is  8.0.2120.4

Title: Adopt OpenJDK Vulnerability Advisory: 2021/04/20

 

Cause

TDM 4.9.X Daamaker installed an external OpenJDK version

Environment

TDM Datamaker 4.9.X

Test Data Manager

Resolution

The recommended solution to this issue is to uninstall the external Java on the system then update to the latest TDM 4.10 version of the product as this now ships with an embedded JRE so the external Java is no longer needed.

If you can not update at this time then they said it should not be a problem to download the latest OpenJDK 1.8 version and install it outside the product to take care of this issue.