Prabulingam_N1
Advisor

Vulnerable software installed: IBM JRE 7.0.10.45 in CheckPoint Products (Mgmt server & FW)

Hello CheckMates,

The customer has an internal Nexpose scan machine, and they gave a VA report on the CheckPoint IP address for the CVEs below:

IBM Java: IBM Security Update July 2019 (CVE-2019-11775)
IBM Java: Oracle July 14 2020 CPU (CVE-2020-14621)

Information:

"Vulnerable software installed: IBM JRE 7.0.10.45 (/opt/CPsuite-R80.40/fw1/oracle_oi/cleancontent/jre/lib/version.properties)"


Solution: 
Upgrade IBM Java to version 7.0.10.50 or 7.1.4.50 or 8.0.5.40"

On CheckPoint command output: 

[Expert@FWSTDR8040:0]# more /opt/CPsuite-R80.40/fw1/oracle_oi/cleancontent/jre/lib/version.properties
#Created by Ant MergeProperties
#Wed Apr 10 06:42:31 BST 2019
sdk.version=pxi3270sr10fp45-20190410_01(SR10 FP45)
sdk.vrmf.version=7.0.10.45

 

What steps need to be actioned on CheckPoint?

 

Regards, Prabu

 


Accepted Solutions
PhoneBoy
Admin

Just because a vulnerability scanner finds a “vulnerable version” doesn’t mean a vulnerability exists or that it’s exploitable.

One of the CVEs is actually in Eclipse, which we don’t even use.
The other CVE is in a function we don’t use.
4 Replies
Chris_Atkinson
Employee

Hi,

Are you in contact with TAC regarding this issue?

They will engage the relevant area to advise further on this and provide a response.

CCSM R77/R80/ELITE
Prabulingam_N1
Advisor

Hi Chris - Not yet, as I'm still implementing the solution for the customer.

So I wanna check if anyone has an idea on this.

Regards, Prabu

Prabulingam_N1
Advisor

Thanks much PhoneBoy..
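
The finding discussed in this thread is a match on the version string in version.properties. The script below is an added example, not code from the thread, Check Point or the scanner vendor. It reproduces that version-only comparison so the result can be confirmed locally and recorded. It assumes each fixed version quoted in the report applies to its own release stream, and the function names are hypothetical.

```shell
# Added example: version-only check against an IBM JRE version.properties file.

# Print the value of sdk.vrmf.version from a properties file.
jre_version() {
    sed -n 's/^sdk\.vrmf\.version=\([0-9.]*\).*$/\1/p' "$1" | head -n 1
}

# Map an installed version to the fixed version of its release stream
# (assumption: the three versions in the report are one per stream).
fixed_for_stream() {
    case "$1" in
        7.0.*) echo 7.0.10.50 ;;
        7.1.*) echo 7.1.4.50 ;;
        8.0.*) echo 8.0.5.40 ;;
        *)     return 1 ;;
    esac
}

# Succeed when dotted numeric version $1 is strictly lower than $2.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Verdict based purely on the version string, as the scanner reports it.
scanner_verdict() {
    installed=$(jre_version "$1")
    [ -n "$installed" ] || { echo "unknown"; return 0; }
    fixed=$(fixed_for_stream "$installed") || { echo "unknown $installed"; return 0; }
    if version_lt "$installed" "$fixed"; then
        echo "flagged $installed < $fixed"
    else
        echo "not-flagged $installed >= $fixed"
    fi
}

# Sample input: the property lines shown in the original post.
sample=$(mktemp)
printf '%s\n' '#Created by Ant MergeProperties' \
    'sdk.version=pxi3270sr10fp45-20190410_01(SR10 FP45)' \
    'sdk.vrmf.version=7.0.10.45' > "$sample"
scanner_verdict "$sample"
rm -f "$sample"
```

A "flagged" verdict confirms only the installed version; whether the affected component or function is actually used by the product is the separate question the accepted answer addresses.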
