The CVE-2014-3518 vulnerability for JBoss is a concern because jmx-remoting.sar is deployed by CA Process Automation.
Information about this vulnerability is provided here: CVE-2014-3518
To resolve this for CA Process Automation, please do the following:
1. Stop all CA Process Automation Orchestrators
2. Delete the jmx-remoting.sar folder located in %PAM_HOME%/server/c2o/deploy
3. Restart the CA Process Automation Orchestrators
Attached is a test tool from RedHat - CVE-2014-3518-bin.zip - with instructions on running this test to verify that the vulnerability has been removed.
There is also more information here: https://access.redhat.com/solutions/1120423 specific to the vulnerability and verification.
Subsequent upgrades of CA Process Automation will not redeploy this folder. This folder is only deployed during the initial installation of the product.