Please be informed that we noticed that the vulnerabilities listed below are being flagged for UIM.
Could you please check and suggest how to remediate these vulnerabilities from the UIM servers?
Below are the vulnerabilities.
Note: We already checked the support portal for a knowledge article on this, but we were not able to find the exact vulnerability in the articles.
- java_jre package version
Please refer to the latest java_jre package at support.nimsoft.com.
Here is a link to the java_jre release notes:
http://support.nimsoft.com/unsecure/archive.aspx?id=214
- As of UIM 20.4 CU6, the java_jre package is now version 2.15 and the Java JRE is updated to:
OpenJDK Java Runtime Environment 1.8.0_352-b08
Please also refer to:
https://access.redhat.com/errata/RHSA-2021:3889
and
https://access.redhat.com/errata/RHSA-2022:1487
and click the 'Updated Packages' tab on each of those Red Hat Security Advisory pages.
You will see that the java_jre package v2.15 (OpenJDK version) supersedes the mentioned packages.
So, on whichever machine the vulnerability was found, e.g. UIM Server/OC/Cabi, robot etc., check the installed packages.
In Infrastructure Manager (IM), open the controller probe GUI, click the Status tab, then click Installed packages and check the currently deployed java_jre version.
As you can see from the java_jre release notes, in all cases, when you upgrade the java_jre package, you should:
- Manually delete the old java_jre folder (for example, jre8u345b01) located in the directory <UIM_Installation>\Nimsoft\jre on all the robots.
On Linux, the old jre folder would normally be located in /opt/nimsoft/jre
Then it should no longer be picked up during a scan.
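
To find leftover JRE folders on a Linux robot before deleting them by hand, a check like the following can be used. It is an added example, not part of the original article or of the product's tooling. The function names are hypothetical, and it assumes that folder names follow the pattern of the example above (jre8u345b01) and that the highest update/build is the one deployed by the current java_jre package.

```shell
#!/bin/sh
# Added example: list JRE folders left behind after a java_jre upgrade.
# It only reports; deletion stays a manual step, as described above.
# Assumption: folders are named jre<major>u<update>b<build>, e.g. jre8u345b01.

# Print "major update build name" for every parseable folder under $1.
jre_versions() {
    for dir in "$1"/*/; do
        [ -d "$dir" ] || continue          # also skips an unmatched glob
        name=$(basename "$dir")
        parsed=$(printf '%s\n' "$name" |
            sed -n 's/^jre\([0-9][0-9]*\)u\([0-9][0-9]*\)b\([0-9][0-9]*\)$/\1 \2 \3/p')
        if [ -n "$parsed" ]; then
            printf '%s %s\n' "$parsed" "$name"
        else
            # Unknown naming: never guess, leave it for a human to check.
            printf 'unparsed, check by hand: %s\n' "$name" >&2
        fi
    done
}

# Newest folder = highest (major, update, build), compared numerically
# so that update 92 sorts below update 345.
newest_jre() {
    jre_versions "$1" 2>/dev/null |
        sort -k1,1n -k2,2n -k3,3n | tail -n 1 | cut -d' ' -f4
}

# Every parseable folder except the newest: candidates for manual deletion.
stale_jre_dirs() {
    keep=$(newest_jre "$1")
    jre_versions "$1" | cut -d' ' -f4 | grep -vx -- "$keep" | sort
}

# Default root is the Linux path named above; override with JRE_ROOT.
JRE_ROOT=${JRE_ROOT:-/opt/nimsoft/jre}
stale_jre_dirs "$JRE_ROOT"
```

Before deleting anything it lists, confirm in the controller probe's Installed packages view that the folder it keeps matches the deployed java_jre version.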