Mitigation of Multiple Oracle Java SE Vulnerabilities (CPUs) in Identity Manager Virtual Appliance 14.5 SP1

Article ID: 434036

Products

CA Identity Suite, CA Identity Manager, CA Identity Portal, CA Identity Governance

Issue/Introduction

Multiple Oracle Java SE Critical Patch Updates (CPUs) were identified during a vulnerability assessment or security scan of the Identity Manager Virtual Appliance 14.5 SP1 environment.

These vulnerabilities were associated with the following QIDs and were represented by various CVEs:

| QID | Required Java Version | Associated CVEs (Representative List) |
|---|---|---|
| 380188 | > 1.8.0_411 | CVE-2024-21147, CVE-2024-21145, CVE-2024-21140, CVE-2024-21144, CVE-2024-21131, CVE-2024-21138 |
| 380707 | > 1.8.0_421 | CVE-2023-42950, CVE-2024-25062, CVE-2024-21235, CVE-2024-21210, CVE-2024-21211, CVE-2024-21208, CVE-2024-21217 |
| 382697 | > 1.8.0_431 | CVE-2025-0509, CVE-2025-21502 |
| 383097 | > 1.8.0_441 | CVE-2024-27856, CVE-2024-40866, CVE-2024-44185, CVE-2024-44187, CVE-2024-44244, CVE-2024-44296, CVE-2024-44308, CVE-2024-44309, CVE-2024-47544, CVE-2024-47545, CVE-2024-47546, CVE-2024-47596, CVE-2024-47597, CVE-2024-47606, CVE-2024-47775, CVE-2024-47776, CVE-2024-47777, CVE-2024-47778, CVE-2024-54479, CVE-2024-54502, CVE-2024-54505, CVE-2024-54508, CVE-2024-54534, CVE-2024-54543, CVE-2025-23083, CVE-2025-23084, CVE-2025-23085, CVE-2025-21587, CVE-2025-24143, CVE-2025-24150, CVE-2025-24158, CVE-2025-24162, CVE-2025-30691, CVE-2025-30698 |
| 383578 | > 1.8.0_451 | CVE-2025-50059, CVE-2025-30749, CVE-2025-50106, CVE-2025-23166, CVE-2025-27113, CVE-2025-24855, CVE-2025-50063, CVE-2025-30761, CVE-2025-30754, CVE-2025-50065, CVE-2025-30752, CVE-2024-55549, CVE-2025-23165, CVE-2024-40896, CVE-2024-56171, CVE-2025-24928, CVE-2025-32414, CVE-2025-32415 |
| 385593 | > 1.8.0_461 | CVE-2025-31257, CVE-2025-53066, CVE-2025-53057, CVE-2025-61755, CVE-2025-61748, CVE-2025-24189, CVE-2025-31273, CVE-2025-31278, CVE-2025-43211, CVE-2025-43212, CVE-2025-43216, CVE-2025-43227, CVE-2025-43228, CVE-2025-43240, CVE-2025-43265, CVE-2025-6558 |

Environment

  • Product: CA Identity Suite / Identity Manager / Identity Portal / Identity Governance
  • Deployment type: Virtual Appliance (vApp)
  • Version: 14.5 SP1 CHF1 or earlier

Cause

The Java version provided on the Virtual Appliance, up to and including version 14.5 SP1 CHF1, is:

OpenJDK Runtime Environment (Temurin)(build 1.8.0_402-b06)
OpenJDK 64-Bit Server VM (Temurin)(build 25.402-b06, mixed mode)

Resolution

Broadcom Support has provided a hotfix that upgrades the installed OpenJDK Temurin to version 1.8.0_482.

Please reach out to Support if you require it now; the hotfix will be part of the next SP or CHF released after 14.5 SP1 CHF1.

Additional Information

To confirm the Java version after the hotfix is applied, run:

java -version
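
To turn that version check into a pass/fail result per QID, the script below compares the reported update number against the thresholds in the table above. It is an added example, not Broadcom tooling; the function names (`java8_update`, `open_qids`, `check_java`) are hypothetical, and it assumes the table's "> 1.8.0_N" column means an update number strictly greater than N.

```shell
#!/bin/sh
# Added example, not Broadcom tooling. Thresholds are copied from the QID table
# above; the "> 1.8.0_N" column is read as "update number strictly greater than N".
QID_THRESHOLDS="380188:411 380707:421 382697:431 383097:441 383578:451 385593:461"

# Extract N from the first "1.8.0_N" string in `java -version` output.
java8_update() {
    printf '%s\n' "$1" | sed -n 's/.*1\.8\.0_\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Print the QIDs (space separated) that still apply to update number $1.
open_qids() {
    oq_out=""
    for oq_pair in $QID_THRESHOLDS; do
        if [ "$1" -le "${oq_pair#*:}" ]; then
            oq_out="${oq_out:+$oq_out }${oq_pair%%:*}"
        fi
    done
    printf '%s\n' "$oq_out"
}

# Return 0 if no QID applies, 1 if some still do, 2 if no Java 8 version is found
# (for example a different major version, which this table does not cover).
check_java() {
    cj_update="$(java8_update "$1")"
    if [ -z "$cj_update" ]; then
        echo "no 1.8.0_<update> version string found" >&2
        return 2
    fi
    cj_open="$(open_qids "$cj_update")"
    if [ -n "$cj_open" ]; then
        echo "1.8.0_$cj_update still matches QIDs: $cj_open"
        return 1
    fi
    echo "1.8.0_$cj_update is above every threshold in the table"
}

# The pre-hotfix output quoted in the Cause section, used as sample input.
SAMPLE='OpenJDK Runtime Environment (Temurin)(build 1.8.0_402-b06)'
check_java "$SAMPLE" || true
# On the appliance itself (java -version writes to stderr):
#   check_java "$(java -version 2>&1)"
```

The non-zero exit codes make the check usable as a post-patch gate in a scheduled job or configuration-management run.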