If you’re responsible for security compliance on SCOM servers, there will be times when applications need to be upgraded. The current effort is Java vulnerabilities on your SCOM servers; current examples are plugin IDs 170161 and 166316. Compliance and security are big deals, even in air-gapped networks. Why? Even if the external hacking risk is low, the security tools will cause administrative headaches when scanning weekly or more often. The scans can also be intrusive in nature, causing even more problems. As for the Java vulnerabilities: some 3rd party tools, like Cisco UCS monitoring, install Java for the application to run. Java is like OS updates: periodic vulnerabilities pop up on your favorite security scanner software/tool (like Nessus/ACAS/Tenable+).
Oracle Java vulnerability detail links: ID 170161, ID 166316
For these specific vulnerabilities, the tool is looking for paths for Java 1.8.0+. Even after upgrading Java, the vulnerabilities still showed; after requesting debug output, it showed two paths on C: (64-bit and 32-bit paths).
Plugin Output:

Path : C:\Program Files (x86)\Java\jre1.8.0_341\
Installed version : 1.8.0_341 / build 8.0.341
Fixed version : Upgrade to version 8.0.361 or greater

Path : C:\Program Files\Java\jre1.8.0_341\
Installed version : 1.8.0_341 / build 8.0.341
Fixed version : Upgrade to version 8.0.361 or greater
In my case, the upgrade completed, but did not remove the old version 1.8.0_341 (vulnerable version)!
PS C:\Program Files\java> gci

    Directory: C:\Program Files\java

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
da----         7/28/2022   6:27 AM                jre1.8.0_341
da----         3/15/2023   6:12 PM                jre1.8.0_361
Verify Java version on affected server(s)
Verify the install, either from Windows Explorer under the C: drive path or from Control Panel > Programs and Features > Installed
NOTE: multiple Java versions show as installed on the server. To resolve the vulnerability, you’ll need to download the latest update from Oracle here, install it, and then remove the old versions (note that both the 32-bit and 64-bit versions were installed).
From PowerShell as admin, go to the path where you saved the Java exe
Click Close once Java is installed
Additional validation step
From Event Viewer, in the Application event log, look for MsiInstaller events to validate that the Java install was successful
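The checks above can also be scripted. This PowerShell audit is an added example, not part of the original post: it looks in both Java paths from the plugin output for folders older than update 361, lists the matching uninstall entries, and shows recent MsiInstaller events. The `Java 8 Update*` display-name pattern and the 200-event window are assumptions.

```powershell
# Added example: audit for leftover Java 8 installs after an upgrade (run as admin).
# The fixed update number comes from the plugin output ("8.0.361 or greater").
$FixedUpdate = 361

# Both locations the scanner reported: 64-bit and 32-bit Program Files.
$roots = @("$env:ProgramFiles\Java", "${env:ProgramFiles(x86)}\Java")

$folders = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Directory | ForEach-Object {
        # Folder names look like jre1.8.0_341; capture the update number.
        if ($_.Name -match '^(?:jre|jdk)1\.8\.0_(\d+)$') {
            $update = [int]$Matches[1]
            [pscustomobject]@{
                Path       = $_.FullName
                Update     = $update
                Vulnerable = $update -lt $FixedUpdate
            }
        }
    }
}
$folders | Sort-Object Path | Format-Table -AutoSize

# Uninstall entries in both registry views (same data as Programs and Features).
# Reading the registry avoids Win32_Product, which triggers MSI reconfiguration.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Java 8 Update*' } |   # assumed name pattern
    Select-Object DisplayName, DisplayVersion, InstallLocation |
    Format-Table -AutoSize

# Recent MsiInstaller events that mention Java, to confirm install and removal.
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'MsiInstaller' } `
        -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*Java*' } |
    Select-Object TimeCreated, Id, Message -First 10 |
    Format-List

# The scanner keys on paths, so any leftover old folder keeps the finding open.
$stale = @($folders | Where-Object Vulnerable)
if ($stale.Count -gt 0) {
    Write-Warning "$($stale.Count) Java folder(s) below update $FixedUpdate remain."
} else {
    Write-Output "No Java 8 folders below update $FixedUpdate were found."
}
```

Run it before and after removing the old versions; the finding clears only when neither path lists a folder below update 361.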
For me, knowing that the Cisco UCS application used Java, I wanted to verify the alerts in SCOM, as well as that the service restarted without issue.
Happy trails, being compliant and secure!