OBI Administration Client Tool - Vulnerability in Embedded java.exe
Oracle BI Administration Tool
Version 12.2.2.0.20
Installed on a Windows 10 PC
Internal security is flagging a vulnerability on the following files:
C:\Oracle\Middleware\Oracle_Home\bi\modules\oracle.bi.datadirect.odbc\8.0.1\jre\bin\java.exe
C:\Oracle\Middleware\Oracle_Home\bi\modules\oracle.bi.datadirect.odbc\7.1.5\jre\bin\java.exe
C:\Oracle\Middleware\Oracle_Home\bi\modules\oracle.bi.datadirect.odbc\7.1.4\jre\bin\java.exe
C:\Oracle\Middleware\Oracle_Home\bi\modules\oracle.bi.datadirect.odbc\5.3.\jre\bin\java.exe
We cannot remove the entire directories, because the startup of the Administration Tool looks for the odbc.properties file.
Can we archive-off the four java.exe files without any harm to functionality? I can play with this, but I would like a definitive answer. Alternately, is there a patch that we could run? Keep in mind that these are not OBI servers, but PCs running the Oracle BI Administration Tool, which includes Catalog Manager and Job Manager. Any patch that I found on this issue is for an OBI Server installation, and includes several fixes to other problems.