UUJMA Java vulnerabilities
search cancel

UUJMA Java vulnerabilities

book

Article ID: 278731

calendar_today

Updated On: 02-20-2024

Products

Unicenter Job Management Option

Issue/Introduction

Java vulnerability has been reported on the server where CA7 agent are running.   Below are the CVE and vulnerable path details on the server please advise on how to resolve.


CVE-2015-0204, CVE-2015-0491, CVE-2015-0460, CVE-2015-0469, CVE-2015-0459, CVE-2015-0492
Oracle Java SE Multiple Vulnerabilities (April 2015 CPU) (Unix)
 

Path : /.../CA/ENU/Linux/pkgs/JRE/1.5.0_11
Path : /.../ca7_logs/Linux_ca7installpkg/pkgs/JRE/1.5.0_11
Path : /...CA/Linux/pkgs/JRE/1.5.0_11
Path : /.../CA/ENU/Solaris-Sparc/pkgs/JRE/1.5.0_11
Path : /.../CA/ENU/Solaris-Intel/pkgs/JRE/1.5.0_11
Installed version : 1.5.0_11_
Fixed version : 1.5.0_85 / 1.6.0_95 / 1.7.0_79 / 1.8.0_45
 
Path : /.../CA/Linux/pkgs/JRE/1.5.0_11
Installed version : 1.5.0_11_
Fixed version : 1.5.0_85 / 1.6.0_95 / 1.7.0_79 / 1.8.0_45

Cause

The UUJMA package has been downloaded to a specified location on the agent machine and wasn't removed after installation.

Resolution

The UUJMA product doesn't use JAVA or have any vulnerabilities at all. The graphical install for UUJMA requires Java Runtime Environment. The ENU path contains the JRE as it was part of the installer package and is only needed during the graphical install for UUJMA and should be removed.