Potential Oracle Vulnerability with CA SSO

Document ID : KB000121500
Last Modified Date : 26/11/2018
Show Technical Document Details
Question:
We're runnning CA Single Sign-On 12.7 and we'd like to know if this Oracle
Vulnerability reports apply to it.

Credit Statement 

https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html 
Answer:
CA Single Sign-On does include only this Oracle software : 

Third-Party Software Acknowledgments 

Oracle 
Oracle Java Runtime Environment (JRE) 1.8.0_72 
Oracle JDK (Java Development Kit) 1.8.0_77 

https://docops.ca.com/ca-single-sign-on/12-7/en/third-party-software-acknowledgments 

which are related to the AdminUI. 

Looking at the 12 reported problem with Java SE, I see none affecting 
the JRE nor JDK 1.8.0_72 and 1.8.0_77. 

CVE-2018-3183 java 8u181 and 11 
CVE-2018-3209 java 8u182 
CVE-2018-3169 java 7u191, 8u182 and 11 
CVE-2018-3149 Java 6u201, 7u191, 8u182 and 11    
CVE-2018-3211 java 8u181, 8u182 and 11    
CVE-2018-3180 java 6u201, 7u191, 8u181, 8u182 and 11 
CVE-2018-3214 java 6u201, 7u191, 8u181 and 8u182 
CVE-2018-3157 java 11    
CVE-2018-3150 java 11    
CVE-2018-13785 java 6u201, 7u191, 8u181, 8u182 and 11    
CVE-2018-3136 java 6u201, 7u191, 8u181, 8u182 and 11    
CVE-2018-3139 java 6u201, 7u191, 8u181, 8u182 and 11    

https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixJAVA