Qualys security reporting vulnerabilities with IBM Java Software Development Kit (SDK) on Linux hosted Symantec VIP Enterprise Gateway Server

• IJ53059: CVE-2024-10917
• IJ53028: CVE-2024-21217
• IJ53030: CVE-2024-21208

The Symantec VIP Enterprise Gateway product includes and exclusively utilizes its own bundled OpenJDK 17 environment. It does not use or interact with any other Java installations on the host system, including the vulnerable IBM Java 1.8 instance.

In Conclusion, the identified vulnerabilities are associated with a separate Java installation on the server and are not related to the components used by the VIP Enterprise Gateway. Therefore, with respect to the VIP EG product, this is considered a false positive.