Our security department scans all ISO files before they are allowed onto the internal network.
CVE-2012-1723 was flagged for CA SERVICE MANAGEMENT SDM PACKAGE 17.4 FOR WINDOWS (WITH CATALOG).iso
What can we do in this specific case?
Exploit:Java/CVE-2012-1723 is a malicious Java applet that attempts to exploit a vulnerability (CVE-2012-1723) in the Java Runtime Environment (JRE) in order to download and install files of an attacker’s choice onto your computer.
Service Management 17.4
The ISO file was found to contain a Java function that is vulnerable to a very old vulnerability, "CVE-2012-1723".
We cannot validate the file; the function must be removed or replaced with a more recent function. The path within the ISO file of the problematic file is: Scripts\CDB\lib\eTFWExplorer.jar
The file "eTFWExplorer.jar" can be safely removed, as this jar is no longer used.
Extract the ISO to a temp folder, remove eTFWExplorer.jar, then run the installer from the modified extract.
The same jar file was detected in the RU update deliverables and may also be removed from them.
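The extract-and-remove step above can be scripted as follows. This is an added example, not vendor-supplied code; `$IsoPath` and `$ExtractDir` are placeholder locations, and it assumes a Windows host where the `Mount-DiskImage` cmdlet is available.

```powershell
# Added example (not vendor code). Both default paths below are placeholders.
param(
    [string]$IsoPath    = 'C:\Staging\CA SERVICE MANAGEMENT SDM PACKAGE 17.4 FOR WINDOWS (WITH CATALOG).iso',
    [string]$ExtractDir = 'C:\Temp\SDM174'
)
$ErrorActionPreference = 'Stop'

$jarName    = 'eTFWExplorer.jar'
$jarRelPath = 'Scripts\CDB\lib\eTFWExplorer.jar'   # path reported by the scan

# Mount the ISO, copy its contents to the temp folder, then always dismount.
$image = Mount-DiskImage -ImagePath $IsoPath -PassThru
try {
    $drive = ($image | Get-Volume).DriveLetter
    New-Item -ItemType Directory -Path $ExtractDir -Force | Out-Null
    Copy-Item -Path "${drive}:\*" -Destination $ExtractDir -Recurse -Force
}
finally {
    Dismount-DiskImage -ImagePath $IsoPath | Out-Null
}

# Remove the flagged jar. Files copied from an ISO carry the read-only
# attribute, so -Force is required.
$target = Join-Path $ExtractDir $jarRelPath
if (Test-Path -LiteralPath $target) {
    Remove-Item -LiteralPath $target -Force
    Write-Host "Removed $target"
}
else {
    Write-Warning "Not found at expected path: $target"
}

# Confirm that no copy of the jar remains anywhere in the extract, so the
# folder can be handed back for a rescan.
$remaining = Get-ChildItem -LiteralPath $ExtractDir -Recurse -Force -File -Filter $jarName
if ($remaining) {
    $remaining | ForEach-Object { Write-Warning "Still present: $($_.FullName)" }
    throw "$jarName is still present in $ExtractDir"
}
Write-Host "No copies of $jarName remain under $ExtractDir"
```

The same removal and verification can be pointed at an extracted RU update folder by passing a different `-ExtractDir` and skipping the mount step.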