Java vulnerability has been reported on the server where CA7 agent are running. Below are the CVE and vulnerable path details on the server please advise on how to resolve.
CVE-2015-0204, CVE-2015-0491, CVE-2015-0460, CVE-2015-0469, CVE-2015-0459, CVE-2015-0492
Oracle Java SE Multiple Vulnerabilities (April 2015 CPU) (Unix)
Path : /.../CA/ENU/Linux/pkgs/JRE/1.5.0_11
Path : /.../ca7_logs/Linux_ca7installpkg/pkgs/JRE/1.5.0_11
Path : /...CA/Linux/pkgs/JRE/1.5.0_11
Path : /.../CA/ENU/Solaris-Sparc/pkgs/JRE/1.5.0_11
Path : /.../CA/ENU/Solaris-Intel/pkgs/JRE/1.5.0_11
Installed version : 1.5.0_11_
Fixed version : 1.5.0_85 / 1.6.0_95 / 1.7.0_79 / 1.8.0_45
Path : /.../CA/Linux/pkgs/JRE/1.5.0_11
Installed version : 1.5.0_11_
Fixed version : 1.5.0_85 / 1.6.0_95 / 1.7.0_79 / 1.8.0_45
The UUJMA package has been downloaded to a specified location on the agent machine and wasn't removed after installation.
The UUJMA product doesn't use JAVA or have any vulnerabilities at all. The graphical install for UUJMA requires Java Runtime Environment. The ENU path contains the JRE as it was part of the installer package and is only needed during the graphical install for UUJMA and should be removed.