Java_Jre vulnerability of old versions

Article ID: 390016

Updated On: 03-06-2025

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

The security team has reported the vulnerabilities below for UIM agents installed on Linux servers that use the Java JRE.

Even after the Java JRE version is upgraded, the scan still reports the finding because the old Java JRE version is still present in the nimsoft directory.

 

Vulnerability Proof: Vulnerable OS: Red Hat Enterprise Linux 7.9. Vulnerable software installed: Oracle JRE 1.8.0.422 (/opt/nimsoft/jre/jre8u422b05/lib/rt.jar)

Vulnerability Solution: Upgrade to the latest version of Oracle Java. Download and apply the upgrade from: https://www.java.com/en/download/manual.jsp

Vulnerability ID: jre-vuln-cve-2025-21502

 

Environment

Release: Any DX UIM

 

Resolution

UIM maintains two versions of the java_jre folders for backward compatibility. If a specific probe is not compatible with the latest deployed version of Java, it can be switched to the old version.

Additionally, we plan to upgrade the JRE version to Java 21 very soon. Probes that are not compatible with Java 21 should still be able to operate on Java 8. Therefore, we will have two different entries in the configuration files, one for Java 8 and another for Java 21.

The only workaround is to delete the older version of the JRE manually.
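
Before deleting the older JRE folder, it helps to list the JRE folders the scanner will find and confirm that no probe process still runs from the one being removed. The script below is an added example, not Broadcom or UIM tooling: the function names are hypothetical, the default base path is taken from the scan finding above, and it assumes each JRE folder carries the standard release file.

```bash
#!/usr/bin/env bash
# Added example: inventory the JRE folders under a UIM install and show
# whether a running process still uses each one before manual deletion.
# Assumption: JRE folders sit directly under the base path in the finding.
JRE_BASE="${JRE_BASE:-/opt/nimsoft/jre}"

# Print the JAVA_VERSION recorded in a JRE's release file, or "unknown".
jre_version() {
    local rel="$1/release" v=""
    if [ -r "$rel" ]; then
        v=$(sed -n 's/^JAVA_VERSION=//p' "$rel" | tr -d '"\r' | head -n 1)
    fi
    printf '%s\n' "${v:-unknown}"
}

# Return 0 if any process executable lives under the given folder.
# Run as root: /proc/<pid>/exe of other users is not readable otherwise.
jre_in_use() {
    local dir exe p
    dir=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    for p in /proc/[0-9]*; do
        exe=$(readlink "$p/exe" 2>/dev/null) || continue
        case "$exe" in "$dir"/*) return 0 ;; esac
    done
    return 1
}

# Print one line per JRE folder: "<path> <version> <in-use|idle>".
jre_inventory() {
    local base="${1:-$JRE_BASE}" d state
    for d in "$base"/*/; do
        [ -d "$d" ] || continue
        d="${d%/}"
        # lib/rt.jar is the file the scanner keyed on (Java 8 layout);
        # Java 9 and later ship lib/modules instead.
        [ -e "$d/lib/rt.jar" ] || [ -e "$d/lib/modules" ] || continue
        if jre_in_use "$d"; then state="in-use"; else state="idle"; fi
        printf '%s %s %s\n' "$d" "$(jre_version "$d")" "$state"
    done
}

jre_inventory "$@"
```

A folder reported as idle with the flagged version is the candidate for manual removal; one reported as in-use still has a probe running on it and should be switched to the newer JRE first.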