Java Libraries
In the Resources section, click Java libraries to view the list of application Java libraries that are associated with the selected managed instance during the specified time period.
For each Java library, the table presents the following information:
- Library: application Java libraries that were detected in the managed instance during the selected time period
- Version: version number of the Java library
- CVSS score: the CVSS scoring system is an indication of the security
vulnerability associated with the score. JMS
uses CVSS version 2.0 scoring system. The scores are provided by the National
Vulnerability Database and denote the following:
- 7 - 10: This library has vulnerabilities with High severity.
- 4 - 6.9: This library has vulnerabilities with Medium severity.
- 0.1 - 3.9: This library has vulnerabilities with Low severity.
- 0: This library has no vulnerabilities.
- Unknown: The severity of the vulnerabilities in this library is
unknown. There could be a lack of information needed to determine the CVSS
scores, but this doesn't guarantee that there are no vulnerabilities.
Note
- Scan for Java Libraries might not have identified all library dependencies of the application.
- Analysis might not have identified all vulnerabilities.
- There might be new vulnerabilities affecting your application as data is refreshed from the National Vulnerability Database on a weekly basis. To detect these new vulnerabilities, we recommend you to perform the scan for Java libraries frequently.
Therefore, the results of the analysis are not to be treated as absolute. You might need to run other security scans.
- Applications: the number of applications that use the libraries
- Deployed applications: the number of deployed applications that use the libraries
- First reported: date and time when the libraries were first detected
- Last reported: date and time when the libraries were last reported
Click the library name to view the details. See Java Library Details.