Performing vulnerability remediation analysis on Red Hat Linux and the XCOM 11.6 SP01 Java version has been highlighted by Oracle Critical Patch Updates, Security Alerts and Bulletins i.e.
Path : /opt/CA/XCOM/JRE/1.8.0_77/
Installed version : 1.8.0_77 / build 8.0.77
Can this be remediated by upgrading to XCOM for Linux 12.0?
Component: XCOM for Linux
Releases : 11.6 SP01, 12.0
1. The currently installed XCOM 11.6 SP01 installs and uses Java 1.8.0_77.
The latest XCOM 11.6 SP01 patch only updates Java to 1.8.0_162 (XCOM for Linux r11.6 SP01 and Java 1.8.0_77 vulnerabilities).
However, a later Oracle JRE or OpenJDK version can be installed per Resolution step #3 in this article: Implementing OpenJDK with XCOM for Linux and Windows.
2. The latest version XCOM 12.0 no longer distributes an Oracle JRE as part of the installation due to Oracle JRE licensing changes. So the user has to install their own version of Oracle or Open Java 1.8 64-bit and specify that JRE at XCOM install time, as per this doc. section: XCOM Data Transport for UNIX/Linux 12.0 > Installing > Prepare for Installation > Address Software Requirements.
So, in summary, whether it is decided to stay on 11.6 or upgrade to 12.0 a version of Oracle Java or Open Java which does not have the vulnerabilities needs to be installed and XCOM configured to use it.