Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Thushan Anuruddha (MAX0716)
Central Provident Fund Board (CPFB)
Lead Consultant
Central Provident Fund Board (CPFB)
SG
MAX0716 Member since 2012 11 posts
Central Provident Fund Board (CPFB)
Posted: Jul 1, 2022
Last activity: Jul 18, 2022
Posted: 1 Jul 2022 2:20 EDT
Last activity: 18 Jul 2022 20:48 EDT
Closed
Solved

Oracle Java SE 1.7.0_331 / 1.8.0_321 / 1.11.0_14 / 1.17.0_2 Multiple Vulnerabilities

Hi All,

We got some security alletet related to Jre file in Pegs / Java path. Seems it is related to Oracle DB configeration. Any one has any idea how to address this issue.

Platform : 7.4 Pega

Application Server : JBOSS

Alert : 

Oracle Java SE 1.7.0_331 / 1.8.0_321 / 1.11.0_14 / 1.17.0_2 Multiple Vulnerabilities (January 2022 CPU)

The following vulnerable instance of Java is installed on the remote host :

  Path              : E:\PEGA-7.4\Java\jre1.8.0_191   Installed version : 1.8.0_191   Fixed version     : 1.7.0_331 / 1.8.0_321 / 1.11.0_14 / 1.17.0_2

Solution

Apply the appropriate patch according to the January 2022 Oracle Critical Patch Update advisory.

 

 

***Edited by Moderator: Pooja Gadige to add capability tag***
To see attachments, please log in.
Pega Platform 7.4
Security

Accepted Solution

Posted: 2 years ago
Updated: 2 years ago
Posted: 1 Jul 2022 10:48 EDT
Updated: 18 Jul 2022 20:48 EDT
Marije Schillern (MarijeSchillern)
MOD
Senior Knowledge Management Specialist
Pegasystems Inc.
GB

@MAX0716  

This does not appear to be a listed Pega-vulnerability.  Can I ask where you copied the "Alert"/ "Solution" fromatted text from?

"Installed version : 1.8.0_191

    Fixed version   : 1.8.0_321 ".

Feel free to update to that version after you have checked our platform support guide for your pega version.

Please note that we encourage clients to stay up-to-date with the SE java versions.

See an answer I provided for this type of question previously: https://support.pega.com/question/vulnerablity-reported-java-and-rhel

---> We always recommend users patch their java, as long as the main version is still in the supported platform support guide for your pega version.

se java

To see attachments, please log in.
Posted: 2 years ago
Posted: 3 Jul 2022 21:32 EDT
Thushan Anuruddha (MAX0716)
Central Provident Fund Board (CPFB)
Lead Consultant
Central Provident Fund Board (CPFB)
SG

@MarijeSchillern Thank you for the update.

This is internal  scan that perform by organization and from that scan we got this issue and solution. 

So I think we have to update our Java SE version. 

Will it possible to guide how to update Java version? and is there any impact to application? I mean do we need to do any regression testing after this?

To see attachments, please log in.
Posted: 2 years ago
Posted: 18 Jul 2022 8:19 EDT
Marije Schillern (MarijeSchillern)
MOD
Senior Knowledge Management Specialist
Pegasystems Inc.
GB

@MAX0716  your app server team should be able to provide help specific for your environment as this falls outside Pega processes.  We are not aware of any necessary regression testing.

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice