Recently I have received VA report from the security team, below mentioned vulnerability are reporting from all Airwatch Workspace one servers (Console, MDM and DB). VA details are mentioned below.
Name
Oracle Java SE 1.7.0_241 / 1.8.0_231 / 1.11.0_5 / 1.13.0_1 Multiple Vulnerabilities (Oct 2019 CPU) (Windows)
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 241, 8 Update 231, 11 Update 5, or 13 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components :
- 2D
- Libraries
- Kerberos
- Networking
- JavaFX
- Hotspot
- Scripting
- Javadoc
- Deployment
- Concurrency
- JAXP
- Serialization
- Security
Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Oracle JDK / JRE 13 Update 1, 11 Update 5, 8 Update 231/ 7 Update 241 or later. If necessary, remove any affected versions.
Please let me confirm us, which java version is compatible with running Airwatch workspace one 1909.