Multiple vulnerabilities detected in Oracle JRE bundled with Web Agent product binary

Article ID: 409733

Updated On:

Products

SITEMINDER CA Single Sign On Agents (SiteMinder)

Issue/Introduction

Some libraries in the installation files left on the file system are vulnerable to CVE-2018-3183 (1).

"File `\{home_web_agent}\win64\install_config_info\install_config_jre\lib\jrt-fs.jar`
version `11` is vulnerable to `CVE-2018-3183`, which exists in versions `= 11.0.0`.
The vulnerability was found in the [National Vulnerability Database (NVD)](https://nvd.nist.gov/vuln/detail/CVE-2018-3183) based on the CPE `cpe:2.3:a:oracle:jre` with NVD severity: `Critical`.
The file is associated with the technology `JRE`.
The vulnerability can be remediated by updating `JRE` to `11.0.1` or higher."

Environment

Web Agent 12.8

Resolution

Because the installer is third-party software, a Web Agent 12.8 version has been developed without any embedded Java.

That specific Web Agent 12.8 version lets you install the JVM separately on the OS and upgrade it whenever needed.

So the alternative solution is to install the Web Agent 12.8 version that has no embedded JVM (2) and to use a JVM that is not vulnerable to CVE-2018-3183.
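To confirm that no flagged runtime remains after switching, the following added example (not Broadcom or Oracle code) walks a directory tree, finds every Java home that contains `lib/jrt-fs.jar`, and reads `JAVA_VERSION` from the `release` file next to it. It checks only the 11.x finding quoted above (vulnerable at 11.0.0, fixed in 11.0.1); the function names and the sample tree are assumptions made for the example.

```python
import re
import tempfile
from pathlib import Path

FIXED = (11, 0, 1)  # from the finding quoted on this page: fixed in 11.0.1 or higher


def parse_java_version(release_text):
    """Return JAVA_VERSION from a JRE 'release' file as a 3-tuple, or None."""
    m = re.search(r'^JAVA_VERSION="?([0-9]+(?:\.[0-9]+)*)', release_text, re.M)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))  # GA string "11" -> (11, 0, 0)


def find_bundled_jres(root):
    """Yield (java_home, version) for every directory holding lib/jrt-fs.jar."""
    for jar in Path(root).rglob("jrt-fs.jar"):
        if jar.parent.name != "lib":
            continue
        home = jar.parent.parent
        release = home / "release"
        version = None
        if release.is_file():
            version = parse_java_version(release.read_text(errors="replace"))
        yield home, version


def flagged(root):
    """Java homes that are 11.x below the fix, or whose version is unknown."""
    out = []
    for home, version in find_bundled_jres(root):
        # An unreadable version is reported too, so it gets a manual check.
        if version is None or (version[0] == 11 and version < FIXED):
            out.append((str(home), version))
    return sorted(out)


if __name__ == "__main__":
    # Constructed sample tree (not a real Web Agent install).
    with tempfile.TemporaryDirectory() as root:
        for name, ver in (("agent_old", "11"), ("agent_new", "11.0.1")):
            home = Path(root) / name / "install_config_jre"
            (home / "lib").mkdir(parents=True)
            (home / "lib" / "jrt-fs.jar").write_bytes(b"")
            (home / "release").write_text(f'JAVA_VERSION="{ver}"\n')
        for home, version in flagged(root):
            print("review:", home, version)
```

Point `flagged()` at the Web Agent home directory and at the location of the separately installed JVM; an empty result means no Java home in the 11.x line below 11.0.1 was found.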

Additional Information