AnsweredAssumed Answered

Does qualys reports java vulnerabilities even if only traces of java found in machine instead of installing java software?

Question asked by Preethi R on Feb 18, 2020
Latest reply on Feb 21, 2020 by srstrud

We have user who doesn't installed Java  but they has traces of Java like documentation,certifications,plugins in the machine. But Qualys has detected the machine as vulnerable to many Java vulnerabilities and almost 22 vulnerabilities are tied to it.Lets say some QIDs  :121712,122741,124567,370610,370727,370887,371079,371265,105490,121515,123519,370280,123714,124169,370161,121279,122007,122362,370087,370469

We could see in results tab : /usr/bin/java -version 2>&1 java version "1.6.0_45"
Java(TM) SE Runtime Environment (build 1.6.0_45-b06)
Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01, mixed mode)

 

Can you guys help here?
Does user needs to install the patches even though they have just traces or they can remove the traces if they are of no use?

Outcomes