vulnerability issue in 11.3.6 SP7

Document ID : KB000095216
Last Modified Date : 09/05/2018
Show Technical Document Details
Question:
We have run a Black Duck Scan against the R 11.3.6 SP7 installation and it has come back with High Vulnerability identified as below.
 Apache XML Xalan-Java 2.7.0 apache-xmlxalanjava 407664 CVE-2014-0107 High

The file in question, xalan.jar, is located here:
/opt/CA/WorkloadAutomationAE/autosys/EEMmigrate 
 
Answer:
The file xalan.jar is only used for EEM Migration between 8.4 to 12.0. Since EEM is already upgraded and working you do not need the EEMigrate folder. You may safely delete it.