Oracle Java SE 1.7.0_331 / 1.8.0_321 / 1.11.0_14 / 1.17.0_2 Multiple Vulnerabilities

Hi All,

We got a security alert related to the JRE files in the Pega / Java path. It seems to be related to the Oracle DB configuration. Does anyone have any idea how to address this issue?

Platform : 7.4 Pega

Application Server : JBOSS

Alert :

Oracle Java SE 1.7.0_331 / 1.8.0_321 / 1.11.0_14 / 1.17.0_2 Multiple Vulnerabilities (January 2022 CPU)

The following vulnerable instance of Java is installed on the
remote host :

Path : E:\PEGA-7.4\Java\jre1.8.0_191
Installed version : 1.8.0_191
Fixed version : 1.7.0_331 / 1.8.0_321 / 1.11.0_14 / 1.17.0_2

Solution

Apply the appropriate patch according to the January 2022 Oracle Critical Patch Update advisory.

@MAX0716

This does not appear to be a listed Pega vulnerability. Can I ask where you copied the "Alert" / "Solution" formatted text from?

"Installed version : 1.8.0_191

Fixed version : 1.8.0_321 ".

Feel free to update to that version after you have checked our platform support guide for your Pega version.

Please note that we encourage clients to stay up to date with the Java SE versions.

See an answer I provided for this type of question previously: https://support.pega.com/question/vulnerablity-reported-java-and-rhel

-> We always recommend users patch their Java, as long as the main version is still in the supported platform support guide for your Pega version.

@MarijeSchillern Thank you for the update.

This is an internal scan performed by the organization, and from that scan we got this issue and solution.

So I think we have to update our Java SE version.

Would it be possible to guide us on how to update the Java version? And is there any impact on the application? I mean, do we need to do any regression testing after this?

@MAX0716 Your app server team should be able to provide help specific to your environment, as this falls outside Pega processes. We are not aware of any necessary regression testing.
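
The comparison the alert makes (installed 1.8.0_191 against the fixed versions it lists) can be repeated locally to check JRE directories before and after patching. The Python below is an added example, not part of the thread or of any scanner's code; the function names and all sample inputs other than `jre1.8.0_191` are constructed, and it assumes Oracle-style version strings.

```python
import re

# Fixed update level per Java family, exactly as listed in the alert above.
FIXED = {7: 331, 8: 321, 11: 14, 17: 2}

def parse(version):
    """Return (family, update) from a version string or JRE directory name."""
    v = re.sub(r"^(?:jre|jdk)-?", "", version.strip(), flags=re.I)
    # Legacy scheme, also the notation the alert uses: 1.8.0_191, 1.11.0_14
    m = re.match(r"1\.(\d+)\.0(?:_(\d+))?", v)
    if not m:
        # Scheme reported by Java 9 and later: 11.0.13, 17.0.2
        m = re.match(r"(\d+)(?:\.\d+\.(\d+))?", v)
    if not m:
        raise ValueError(f"unrecognised Java version: {version!r}")
    return int(m.group(1)), int(m.group(2) or 0)

def assess(version):
    """Compare an installed version with the alert's fixed version."""
    family, update = parse(version)
    fixed = FIXED.get(family)
    if fixed is None:
        return "not-in-alert"   # family not listed; check its support status separately
    return "needs-update" if update < fixed else "ok"

if __name__ == "__main__":
    # jre1.8.0_191 is the directory name from the alert; the rest are constructed.
    for sample in ["jre1.8.0_191", "1.8.0_321", "11.0.13", "jdk-17.0.2", "21.0.1"]:
        print(f"{sample:15} {parse(sample)} -> {assess(sample)}")
```

Running it against the directory name from the alert reports `needs-update`; after patching, the new directory name should report `ok`.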