Vulnerability Findings with Oracle Java in uninstall directory


Article ID: 242676


Updated On:


CA Identity Manager


Uninstallers - 

  • D:\IDM\CA\Identity Manager\Connector Xpress\_uninst\_jvm\bin\java.exe
  • D:\IDM\CA\Identity Manager\Provisioning Manager\_uninst\_jvm\bin\java.exe
  • D:\IDM\CA\Identity Manager\Provisioning Directory\_uninst\_jvm\bin\java.exe
  • D:\IDM\CA\Identity Manager\Provisioning Server\_uninst\_jvm\bin\java.exe



Release : 14.3

Component : Identity Manager


The files in the uninstall directories, \_uninst\_jvm\, are only needed and called when you uninstall the product, so they can be archived until such time as you need to uninstall.
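The following PowerShell script is an added example, not part of the original article or the product's own tooling. It archives the four `_uninst\_jvm` directories listed above and removes the originals once each archive is written. The archive folder `D:\IDM\uninst_jvm_archive` is an assumed location; run the script with `-WhatIf` first to preview what it would do.

```powershell
# Added example: archive the uninstaller JVMs listed in this article so the
# bundled java.exe copies are no longer present on disk for scanners to flag.
# Assumptions: the install root and archive folder below; adjust to your environment.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$InstallRoot = 'D:\IDM\CA\Identity Manager',   # root taken from the paths in this article
    [string]$ArchiveDir  = 'D:\IDM\uninst_jvm_archive'     # hypothetical archive location
)

$components = 'Connector Xpress', 'Provisioning Manager',
              'Provisioning Directory', 'Provisioning Server'

if (-not (Test-Path -LiteralPath $ArchiveDir)) {
    New-Item -ItemType Directory -Path $ArchiveDir -Force | Out-Null
}

foreach ($component in $components) {
    $jvmDir  = Join-Path $InstallRoot "$component\_uninst\_jvm"
    $javaExe = Join-Path $jvmDir 'bin\java.exe'
    if (-not (Test-Path -LiteralPath $javaExe)) {
        Write-Warning "No uninstaller JVM found for '$component' ($javaExe)"
        continue
    }

    # Record what is being archived, for the scan-finding ticket.
    $version = (Get-Item -LiteralPath $javaExe).VersionInfo.FileVersion
    $zipPath = Join-Path $ArchiveDir (($component -replace ' ', '_') + '_uninst_jvm.zip')
    Write-Output "$component : java.exe $version -> $zipPath"

    if ($PSCmdlet.ShouldProcess($jvmDir, 'Archive and remove')) {
        # Zip the whole _jvm folder so it can be restored to the same path before an uninstall.
        Compress-Archive -LiteralPath $jvmDir -DestinationPath $zipPath -ErrorAction Stop
        # Remove the original only if the archive exists and is non-empty.
        if ((Test-Path -LiteralPath $zipPath) -and (Get-Item -LiteralPath $zipPath).Length -gt 0) {
            Remove-Item -LiteralPath $jvmDir -Recurse -Force
        } else {
            Write-Warning "Archive check failed for '$component'; original left in place"
        }
    }
}
```

Before running an uninstaller, restore the matching archive with `Expand-Archive` into that component's `_uninst` folder so the `_jvm` directory is back at its original path.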

As for the \Connector Xpress\jvm\ and \Connector Server\jvm\ directories, we do not have any newer versions of those files at this time.
I do see that in the latest release, 14.4, these directories no longer contain a JVM, and I believe it simply uses the JAVA_HOME variable to locate the Java install.

In 14.3 these might be replaceable by a newer version of Java 8 without any issues. I did a very quick test and backed up the existing java.exe, javaw.exe, and javaws.exe, and replaced them with the files from the 1.8.0_91 JDK I originally installed IDM against.
The connector server restarted and does basic work.

You will want to test thoroughly to ensure there are no connectivity issues with any of your endpoints in a lower environment before making this change in a production environment. 

Additional Information

These are not runtime Java files.