Need some help with the vulnerabilities that has been identitifed
search cancel

Need some help with the vulnerabilities that has been identitifed

book

Article ID: 259619

calendar_today

Updated On:

Products

CA Identity Suite

Issue/Introduction

The vulnerabilities are identified around the version of java that is being used on the Windows Tools servers/connector servers and Linux Connector servers

Windows
"C:\Program Files\Java\jre1.8.0_201\bin\wsdetect.dll file version is 8.0.2010.9
C:\Program Files (x86)\Java\jre1.8.0_201\bin\wsdetect.dll file version is 8.0.2010.9"

Linux 


"Install Location Version Detection Type
/opt/CA/IdentityManager/ConnectorServer/jvm/bin/java 1.8.0_60-b27 Enhanced"
"Install Location Version Detection Type
/opt/CA/IdentityManager/ConnectorServer.old/_uninst/_jvm/bin/java 1.7.0_80-b15 Enhanced
/opt/CA/IdentityManager/ConnectorServer.old/jvm/bin/java 1.8.0_60-b27 Enhanced 

Environment

Release : 14.3

Resolution

In the im_jcs file under the path: /opt/CA/IdentityManager/ConnectorServer/bin/im_jcs --> we have commented out the JAVA value and added another value to look for the JAVA  version of the server

#JAVA=jvm/bin/java 
JAVA=/usr/bin/java 

We have renamed the jvm file under /opt/CA/IdentityManager/ConnectorServer as jvm_old and tried stopping and starting the server which worked well.