JRE vulnerability for jrt-fs.jar reported in the install_config_jre location
search cancel

JRE vulnerability for jrt-fs.jar reported in the install_config_jre location

book

Article ID: 277215

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

Vulnerabilities reported:

Vulnerability Proof
Vulnerable OS: Red Hat Enterprise Linux 7.9


Vulnerable software installed: Oracle JRE 11 (/smapp/CA/siteminder/install_config_info/install_config_jre/lib/jrt-fs.jar)

Environment

PolicyServer 12.8 SP7

 

Cause

CVE-2018-3180

Resolution

The reported JRE is runtime JRE. It is used only during the installation/uninstallation.
This can be compressed/zipped and archived. And it's removal will not impact any functionality of Siteminder.

Powered by Wolken Software