We have installed 19C client on Windows server machine and now the Security division has tagged the Java version bundled with 19c as a security vulnerability
Issue:
Oracle Java SE 1.7.0_311 / 1.8.0_301 / 1.11.0_12 / 1.16.0_2 Multiple Vulnerabilities (July 2021 CPU)
The following vulnerable instances of Java are installed on the
remote host :
Path : D:\OracleClient\product\19.0.0\client_1\jdk\jre\bin\java.exe
Path : D:\OracleClientSetup\oraclient_193000\client\stage\Components\oracle.swd.jre\1.8.0.45.0\1\DataFiles\Expanded\filegroup1\jre\bin\java.exe
Path : D:\OracleClientSetup\oraclient_193000\client\stage\Components\oracle.jdk\1.8.0.201.0\1\DataFiles\Expanded\filegroup4\bin\java.exe
Path : D:\OracleClientSetup\oraclient_193000\client\stage\Components\oracle.jdk\1.8.0.201.0\1\DataFiles\Expanded\filegroup2\jre\bin\java.exe
Path : D:\$RECYCLE.BIN\S-1-5-21-12604286-656692736-1848903544-936319\$R403GZ2.X64_193000_client\client\stage\Components\oracle.jdk\1.8.0.201.0\1\DataFiles\Expanded\filegroup2\jre\bin\java.exe
Installed version : 1.8.0_201
Fixed version : 1.7.0_311 / 1.8.0_301 / 1.11.0_12 / 1.16.0_2
Solution:
Please upgrade Oracle Java to at least the Fixed version or higher (in the specific paths listed).
Could you please let us know what patch need to be used to upgrade the Java version on 19c client to 1.8.0_301