Recently I have received VA report from the security team, below mentioned vulnerability are reporting from all Airwatch Workspace one servers (Console, MDM and DB). VA details are mentioned below.

Name

Oracle Java SE 1.7.0_241 / 1.8.0_231 / 1.11.0_5 / 1.13.0_1 Multiple Vulnerabilities (Oct 2019 CPU) (Windows)

Description

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 241, 8 Update 231, 11 Update 5, or 13 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components :

  - 2D

  - Libraries

  - Kerberos

  - Networking

  - JavaFX

  - Hotspot

  - Scripting

  - Javadoc

  - Deployment

  - Concurrency

  - JAXP

  - Serialization

  - Security

Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Oracle JDK / JRE 13 Update 1, 11 Update 5, 8 Update 231/ 7 Update 241 or later. If necessary, remove any affected versions.

Please let me confirm us, which java version is compatible with running Airwatch workspace one 1909.