To explain my request:
On a Unix system, we've some differents Java installed in differents folder - location.
Each Java is independant and each java is used by a different application.
BUT when you perform a "connected scan" with Qualys, Qualys scan only the SYSTEM java as you can find the information in the attached file.
Then, the vulnerability for the Java system is detected but for the other application Java we don't have any information.
Can you help we how I could set qualys ? or can you tell me why qualys not perform a vulnerability scanning on all java version
In the attached file you can find information about a test on a unix host:
And for the scan result, only the vulnerability related to the Java system is detected.