https://community.checkpoint.com/t5/Firewall-and-Security-Management/Vulnerable-software-installed-IBM-JRE-7-0-10-45-in-CheckPoint/m-p/109111#M14790 <P>Just because a vulnerability scanner finds a “vulnerable version” doesn’t mean a vulnerability exists or that it’s exploitable.</P> <P>One of the CVEs is actually in Eclipse, which we don’t even use.<BR />The other CVE is in a function we don’t use.</P> Thu, 28 Jan 2021 02:59:38 GMT PhoneBoy 2021-01-28T02:59:38Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Vulnerable-software-installed-IBM-JRE-7-0-10-45-in-CheckPoint/m-p/108945#M14773 <P>Hello CheckMates,</P><P>Customer has Internal Nexpose Scan machine and they gave VA Report on CheckPoint IP address for below CVE's:</P><P>IBM Java: IBM Security Update July 2019 (<STRONG>CVE-2019-11775</STRONG>)<BR />IBM Java: Oracle July 14 2020 CPU (<STRONG>CVE-2020-14621</STRONG>)</P><P>Information:</P><P><SPAN>"<STRONG>Vulnerable software installed: IBM JRE 7.0.10.45 (/opt/CPsuite-R80.40/fw1/oracle_oi/cleancontent/jre/lib/version.properties)</STRONG>"</SPAN></P><P><SPAN><BR />Solution:&nbsp;</SPAN>Upgrade IBM Java to version <STRONG>7.0.10.50</STRONG> or <STRONG>7.1.4.50</STRONG> or <STRONG>8.0.5.40</STRONG>"<BR /><BR /></P><P>On CheckPoint command output:&nbsp;</P><P>[Expert@FWSTDR8040:0]# more /opt/CPsuite-R80.40/fw1/oracle_oi/cleancontent/jre/lib/version.properties<BR />#Created by Ant MergeProperties<BR />#Wed Apr 10 06:42:31 BST 2019<BR />sdk.version=pxi3270sr10fp45-20190410_01(SR10 FP45)<BR /><STRONG>sdk.vrmf.version=7.0.10.45</STRONG></P><P>&nbsp;</P><P>What steps is needed to be actioned on CheckPoint.</P><P>&nbsp;</P><P>Regards, Prabu</P><P>&nbsp;</P> Wed, 27 Jan 2021 08:11:17 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Vulnerable-software-installed-IBM-JRE-7-0-10-45-in-CheckPoint/m-p/108945#M14773 Prabulingam_N1 2021-01-27T08:11:17Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Vulnerable-software-installed-IBM-JRE-7-0-10-45-in-CheckPoint/m-p/109052#M14780 <P>Hi,</P> <P>Are you in contact with TAC regarding this issue?</P> <P>They will engage the relevant area to advise further on this and provide a response.</P> Wed, 27 Jan 2021 14:49:25 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Vulnerable-software-installed-IBM-JRE-7-0-10-45-in-CheckPoint/m-p/109052#M14780 Chris_Atkinson 2021-01-27T14:49:25Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Vulnerable-software-installed-IBM-JRE-7-0-10-45-in-CheckPoint/m-p/109065#M14783 <P>Hi Chris - Not yet as I'm still implementing solution for customer.</P><P>So wanna check if anyone has idea on this.</P><P>Regards, Prabu</P> Wed, 27 Jan 2021 15:44:50 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Vulnerable-software-installed-IBM-JRE-7-0-10-45-in-CheckPoint/m-p/109065#M14783 Prabulingam_N1 2021-01-27T15:44:50Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Vulnerable-software-installed-IBM-JRE-7-0-10-45-in-CheckPoint/m-p/109111#M14790 <P>Just because a vulnerability scanner finds a “vulnerable version” doesn’t mean a vulnerability exists or that it’s exploitable.</P> <P>One of the CVEs is actually in Eclipse, which we don’t even use.<BR />The other CVE is in a function we don’t use.</P> Thu, 28 Jan 2021 02:59:38 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Vulnerable-software-installed-IBM-JRE-7-0-10-45-in-CheckPoint/m-p/109111#M14790 PhoneBoy 2021-01-28T02:59:38Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Vulnerable-software-installed-IBM-JRE-7-0-10-45-in-CheckPoint/m-p/109134#M14792 <P>Thanks much PhoneBoy..</P> Thu, 28 Jan 2021 06:05:36 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Vulnerable-software-installed-IBM-JRE-7-0-10-45-in-CheckPoint/m-p/109134#M14792 Prabulingam_N1 2021-01-28T06:05:36Z