We have user who doesn't installed Java but they has traces of Java like documentation,certifications,plugins in the machine. But Qualys has detected the machine as vulnerable to many Java vulnerabilities and almost 22 vulnerabilities are tied to it.Lets say some QIDs :121712,122741,124567,370610,370727,370887,371079,371265,105490,121515,123519,370280,123714,124169,370161,121279,122007,122362,370087,370469
We could see in results tab : /usr/bin/java -version 2>&1 java version "1.6.0_45"
Java(TM) SE Runtime Environment (build 1.6.0_45-b06)
Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01, mixed mode)
Can you guys help here?
Does user needs to install the patches even though they have just traces or they can remove the traces if they are of no use?