CA Common Components JRE 1.5 vulnerability.
search cancel

CA Common Components JRE 1.5 vulnerability.


Article ID: 94183


Updated On:


CA Workload Automation AE - Business Agents (AutoSys) CA Workload Automation AE - Scheduler (AutoSys) Workload Automation Agent


The Security team ran a scan on the CA WAAE and CA WCC Servers. The Java 1.5 in the /opt/CA/SharedComponents/JRE showed up on their list. Can we remove or upgrade this JRE 1.5 to a supported release?


CA WAAE/WCC 11.3.5/11.3.6/11.4 with any of the CA Common Components (CCI, Event Management, Embedded Entitlements Manager) installed. All supported Linux operating System.


The CA-diadna is consuming JRE 1.5 (/opt/CA/SharedComponents/JRE/1.5.0_11). CA-diadna is not required by CA CCI, Event Management and Embedded Entitlements Manager so it is safe to disable its start up during system reboot. The following command will disable CA-diadna from automatic startup: `unisrvcntr register -D CA-diadna`. This will stop the JRE 1.5 usage.

However, if you want to remove JRE 1.5 altogether, then perform the following steps as root user:

1. Stop the CA-diadna service
# cd $CASHCOMP/ccs/dia/dna/bin
# ./dnacntl stop

2. Check CA-diadna service is stopped (CA-diadna shows inactive):
# ustat

3. Confirm that no process is using the JRE 1.5
# lsof +D '/opt/CA/SharedComponents/JRE/'

4. Backup the CAdiadna startup script and de-register it from startup list.
# cp -p /etc/init.d/CA-diadna /opt/CA/SharedComponents/tmp/
# unisrvcntr register -D CA-diadna
# ustat

Note: ustat should not list CA-diadna at this point.

5. Remove CA DIA-DNA and JRE 1.5 packages
# cd
# rpm -e ca-cs-dia-dna-11.2.11350-1254.i586
# rpm -e ca-cs-jre-1.5.0-11.i386

As for upgrading the JRE to a later release, CA has NOT tested or certified CA-diadna component with other JRE releases and hence upgrading is not a supported option.