JDK 11.0.3 Vulnerabilities

Article ID: 279202

Updated On:

Products

CA Service Management - Service Desk Manager

CA Service Desk Manager

Issue/Introduction

Client has reported Java vulnerabilities against the following SDM folders:

C:\Program Files\CA\SC\JRE\11.0.3\

C:\Program Files\CA\SC\Mdb\Windows\

Is it possible to upgrade to JDK 11.0.9 or higher?

Environment

CA Service Desk Manager 17.3 and 17.4

All Supported Operating Systems

Resolution

Starting with CA Service Desk Manager 17.3.RU22, a runtime JRE of version 11.0.18 is provided.

1. The 11.0.3 folder in C:\Program Files\CA\SC\JRE\ can be safely removed, as it is present only in case xFlow needs to be uninstalled. The xFlow processes now use the JRE 11.0.18 present in the folder C:\Program Files\CA\SC\JRE.

2. The JRE present in C:\Program Files\CA\SC\Mdb\Windows\ is still 11.0.3. This folder is not used in the daily running of xFlow or the Service Management application and hence is not exploitable.

The Common Database Task (Configuring CA Service Management common tables) that runs during any Rollup Patch installation adds the files here. The files are added here so that the Common Database Task can be run manually if needed.
You can safely delete this folder or upgrade its contents with the JRE 11.0.18 files.
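
Before deleting or replacing either folder, it helps to confirm which Java versions are actually present and that nothing is running from them. The following PowerShell script is an added example, not part of the vendor's article or tooling. It assumes each bundled runtime contains the standard `release` file with a `JAVA_VERSION` line and that Java processes run as `java.exe` or `javaw.exe`.

```powershell
# Added example: inventory the Java runtimes under the SDM folders named in this article.
# Assumption: each runtime root holds a 'release' file with a JAVA_VERSION="x.y.z" line
# (standard for JDK/JRE 9+ images). Run elevated so process paths are visible.
$roots    = 'C:\Program Files\CA\SC\JRE', 'C:\Program Files\CA\SC\Mdb\Windows'
$baseline = [version]'11.0.18'   # runtime version the article says ships from 17.3.RU22

# Executable paths of running Java processes, used to confirm a folder is idle.
# Limitation: only java.exe / javaw.exe launched from the folder are detected.
$running = Get-CimInstance Win32_Process -Filter "Name='java.exe' OR Name='javaw.exe'" |
    Where-Object ExecutablePath |
    Select-Object -ExpandProperty ExecutablePath

$report = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Filter release -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $javaHome = $_.DirectoryName
        $line = Select-String -LiteralPath $_.FullName -Pattern '^JAVA_VERSION="([^"]+)"' |
            Select-Object -First 1
        if (-not $line) { return }   # not a Java release file, skip it

        $raw = $line.Matches[0].Groups[1].Value
        # Keep only the leading numeric part (for example "11.0.3" from "11.0.3+7").
        $numeric = $raw -replace '[^0-9.].*$', ''
        $parsed  = $null
        $ok      = [version]::TryParse($numeric, [ref]$parsed)

        [pscustomobject]@{
            JavaHome      = $javaHome
            Version       = $raw
            # [version] compares numerically, so 11.0.3 sorts below 11.0.18.
            BelowBaseline = if ($ok) { $parsed -lt $baseline } else { $null }
            InUse         = [bool]($running | Where-Object { $_ -like "$javaHome\*" })
        }
    }
}

$report | Sort-Object JavaHome | Format-Table -AutoSize
```

A row with `BelowBaseline` true and `InUse` false corresponds to the leftover 11.0.3 copies described above; a row with `InUse` true should be investigated before anything is removed.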