ACAS scan for Java vulns PlugIn ID’s 170161,166316

Java vulnerabilities on your SCOM servers

 

If you’re responsible for security compliance with SCOM servers, there will be times when applications need to be upgraded.   Current effort is Java vulnerabilities on your SCOM servers, current examples are plugIn ID’s  170161,166316.  Compliance and Security are big deals, even in air-gapped networks.   Why – even if external hacking risk is low, the security tools will cause administrative headaches when scanning weekly or more often.  The scans can also be intrusive in nature, causing even more problems.   For the Java vulnerabilities, when running some 3rd party tools, like Cisco UCS monitoring,  Java is installed for the application to run.   Java is like OS updates, comes up with periodic vulnerabilities popping up on your favorite security scanner software/tool (like Nessus/ACAS/Tenable+).

 

 

Oracle Java vulnerability detail links ID 170161, ID 166316

ACAS Java vulnerabilities
ACAS Java vulnerabilities

 

These specific vulnerabilities, the tool is looking for paths for Java 1.8.0+.   Even after upgrading Java, the vulnerabilities still showed, requesting debug output, it showed two paths on C: (64 and 32bit paths).

 

Plugin Output:

Path              : C:\Program Files (x86)\Java\jre1.8.0_341\

Installed version : 1.8.0_341 / build 8.0.341

Fixed version     : Upgrade to version 8.0.361 or greater

 

Path              : C:\Program Files\Java\jre1.8.0_341\

Installed version : 1.8.0_341 / build 8.0.341

Fixed version     : Upgrade to version 8.0.361 or greater

 

In my case, the upgrade completed, but did not remove the old version 1.8.0_341 (vulnerable version)!

 

PS C:\Program Files\java> gci

Directory: C:\Program Files\java

Mode                LastWriteTime         Length Name

—-                ————-         —— —-

da—-        7/28/2022   6:27 AM                jre1.8.0_341

da—-        3/15/2023   6:12 PM                jre1.8.0_361

 

 

Verify Java version on affected server(s)

Verify install – whether you check from Windows Explorer for the C: drive path, or from Control Panel > Programs and Features > Installed

Java application from Programs and Features
Java application from Programs and Features

 

NOTE multiple Java versions show installed on the server.   For resolving the vulnerability, you’ll need to download latest update from Oracle here, install, and then remove the old versions (see that the 32 and 64 bit versions were installed)

 

From PowerShell as admin, go to the path where you saved the Java exe

Java installer splash screen
Java installer splash screen

 

Click Close once Java installed

Java install completed
Java install completed

 

Additional validation step

From Event Viewer, Application Event Log, look for MsiInstaller events to validate Java install successful

Windows Application Event Log, looking for MSIInstaller events to validate Java install successful
Windows Application Event Log, looking for MSIInstaller events to validate Java install successful

 

For me, knowing that Cisco UCS application used java, I wanted to verify the alerts in SCOM, as well as the service restarted without issue.

 

Cisco UCS Service from services.msc
Cisco UCS Service from services.msc

 

Happy trails, being compliant and secure!

 

Leave a Reply

Your email address will not be published. Required fields are marked *