Java CPU April 2024 Oracle Java SE vulnerability (CVE-2023-41993) in SiteMinder

Article ID: 369616

Products

SITEMINDER

Issue/Introduction


On hosts running AdminUI, CA Access Gateway (SPS), and Policy Server, the following potential vulnerability has been detected:

  Java CPU April 2024 Oracle Java SE vulnerability (CVE-2023-41993)

 

Resolution


For the SiteMinder Policy Server, first identify which JDK the Policy Server is running on.

On a Linux deployment, the file ca_ps_env.ksh holds the path to that JDK in the environment variable:

  NETE_JRE_ROOT

For example:

  NETE_JRE_ROOT="/{home_jdk}/jdk-11.0.17+8-jre"

To verify the version, run the java binary under that path with -version (the version is printed on stderr):

  # /{home_jdk}/jdk-11.0.17+8-jre/bin/java -version
  openjdk version "11.0.17" 2022-10-18
  OpenJDK Runtime Environment Temurin-11.0.17+8 (build 11.0.17+8)
  OpenJDK 64-Bit Server VM Temurin-11.0.17+8 (build 11.0.17+8, mixed mode)

Compare the version reported on the first line with the fixed version named in the advisory you are applying. If it is older, change the JDK used by the Policy Server:

  • Install the JDK at the desired (fixed) version;
  • Modify ca_ps_env.ksh so that NETE_JRE_ROOT points to the path of the upgraded JDK. The Policy Server reads ca_ps_env.ksh at startup, so restart it for the change to take effect.
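The following script is an added example and is not part of this article or of SiteMinder itself. It automates the check described above on a Linux Policy Server host: it reads NETE_JRE_ROOT out of ca_ps_env.ksh, extracts the version from the "java -version" output, compares it against a minimum patched level, and also looks for bundled JavaFX files, since CVE-2023-41993 only concerns the JavaFX (OpenJFX) WebKit component and not the Java SE runtime. The ca_ps_env.ksh excerpt, the JDK path /opt/CA/jdk/jdk-11.0.17+8-jre and the java -version text in the script are constructed samples; the minimum level 11.0.23 is assumed here as the April 2024 CPU level for Java 11 and should be replaced with the level your own advisory names.

```shell
#!/bin/sh
# Added example (not from the Broadcom article or the SiteMinder product).
# Checks the Policy Server JDK the way the article describes, without editing
# anything. All sample paths, file contents and version strings are constructed.

# Assumed minimum patched level for a Java 11 Policy Server JDK (Oracle/OpenJDK
# April 2024 CPU). Substitute the level named in the advisory you apply.
MIN_VERSION="11.0.23"

# Print the value of NETE_JRE_ROOT from a ca_ps_env.ksh file, without quotes.
# Prints nothing when the variable is not defined in the file.
jre_root_from_env_file() {
    grep '^[[:space:]]*\(export[[:space:]][[:space:]]*\)\{0,1\}NETE_JRE_ROOT=' "$1" \
        | head -n 1 | sed 's/^[^=]*=//; s/^"//; s/"$//'
}

# Extract the quoted version from "java -version" output, e.g.
#   openjdk version "11.0.17" 2022-10-18  ->  11.0.17
#   openjdk version "1.8.0_362"           ->  1.8.0_362
java_version_from_output() {
    printf '%s\n' "$1" | sed -n 's/^[^"]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Return 0 when version $1 >= version $2. Components are split on '.', '_',
# '+' and '-' and compared numerically, so 11.0.17+8 < 11.0.23 and
# 1.8.0_362 < 1.8.0_412. Only meaningful within one Java family.
version_ge() {
    va="$(printf '%s' "$1" | sed 's/[._+-]/ /g') "
    vb="$(printf '%s' "$2" | sed 's/[._+-]/ /g') "
    i=1
    while :; do
        x=$(printf '%s\n' "$va" | cut -d' ' -f"$i")
        y=$(printf '%s\n' "$vb" | cut -d' ' -f"$i")
        if [ -z "$x" ] && [ -z "$y" ]; then return 0; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
}

# Return 0 if the JDK/JRE under $1 ships JavaFX: jfxrt.jar (JavaFX bundled with
# Oracle JDK 8) or javafx.web.jar / javafx.properties (OpenJFX 11+ SDK layout).
# Temurin builds ship none of these, which is why a Temurin AdminUI JVM is out of scope.
openjfx_present() {
    find "$1" \( -name jfxrt.jar -o -name javafx.web.jar -o -name javafx.properties \) \
        -print 2>/dev/null | grep -q .
}

# Check a live Policy Server: prints "OK <ver>" or "UPGRADE <ver>" plus a note
# when JavaFX is bundled. Returns 2 if the JDK under NETE_JRE_ROOT cannot run.
check_policy_server_jdk() {
    root=$(jre_root_from_env_file "$1")
    if [ ! -x "$root/bin/java" ]; then
        echo "no java binary under NETE_JRE_ROOT='$root'" >&2
        return 2
    fi
    ver=$(java_version_from_output "$("$root/bin/java" -version 2>&1)")
    if version_ge "$ver" "$MIN_VERSION"; then
        echo "OK $ver (minimum $MIN_VERSION)"
    else
        echo "UPGRADE $ver -> $MIN_VERSION, then repoint NETE_JRE_ROOT in $1"
    fi
    if openjfx_present "$root"; then
        echo "note: JavaFX found under $root; CVE-2023-41993 concerns that component"
    fi
}

# ---- constructed sample data (not taken from a real installation) ----
SAMPLE_ENV=$(mktemp)
trap 'rm -f "$SAMPLE_ENV"' EXIT
cat > "$SAMPLE_ENV" <<'EOF'
# constructed excerpt of ca_ps_env.ksh
NETE_PS_ROOT="/opt/CA/siteminder"
NETE_JRE_ROOT="/opt/CA/jdk/jdk-11.0.17+8-jre"
export NETE_PS_ROOT NETE_JRE_ROOT
EOF

SAMPLE_JAVA_OUTPUT='openjdk version "11.0.17" 2022-10-18
OpenJDK Runtime Environment Temurin-11.0.17+8 (build 11.0.17+8)
OpenJDK 64-Bit Server VM Temurin-11.0.17+8 (build 11.0.17+8, mixed mode)'

SAMPLE_ROOT=$(jre_root_from_env_file "$SAMPLE_ENV")
SAMPLE_VER=$(java_version_from_output "$SAMPLE_JAVA_OUTPUT")
echo "NETE_JRE_ROOT=$SAMPLE_ROOT  version=$SAMPLE_VER"
if version_ge "$SAMPLE_VER" "$MIN_VERSION"; then
    echo "sample JDK is at or above $MIN_VERSION"
else
    echo "sample JDK $SAMPLE_VER is below $MIN_VERSION: upgrade and repoint ca_ps_env.ksh"
fi

# Against a real server:  sh check_jdk.sh /path/to/ca_ps_env.ksh
if [ $# -gt 0 ]; then check_policy_server_jdk "$1"; fi
```

The script only reads ca_ps_env.ksh; the actual change (installing the new JDK and repointing NETE_JRE_ROOT) stays a deliberate manual step, and the Policy Server still needs a restart afterwards. The version comparison is per Java family, so use the fixed level for the family you run (8, 11 or 17) rather than the 11.0.23 assumed here.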
     

The AdminUI in the latest release, 12.8SP8CR01, runs Temurin OpenJDK 1.8.0_362, which is not affected according to the OpenJDK vulnerability matrix. CVE-2023-41993 (1) is a WebKit issue and affects only the JavaFX web component shipped with OpenJFX 17, 21, and 22, not the Java SE runtime itself; Temurin builds do not bundle JavaFX.

So the AdminUI JVM is not affected by that Java vulnerability.

 

Additional Information