Oracle Cloud Infrastructure Documentation

Java Libraries

Select Java libraries to view the list of Java libraries associated with the selected fleet.

The Java libraries detected during the Scan for Java Libraries are listed in the table.

In the Search and Filter text field, you can filter the displayed resources by using the drop-down menu. The available options include:

  • Library: filter the list of Java libraries by application libraries
  • CVSS score: filter the list of Java libraries by CVSS score

Use Applied filters drop-down to select the required time period for displaying the resources. By default, resources pertaining to last 7 days are displayed.

You can customize the table columns by using the Manage columns icon.

The following Java libraries information is presented in the table:

  • Library: application Java libraries that were detected during the scan
  • Version: version number of the Java library
  • CVE ID: a Common Vulnerabilities and Exposures (CVE) ID number is a unique identifier associated with a specific vulnerability in a computer system or software. Click the associated link to view the details on the National Vulnerability Database (NVD) site.
  • CVSS score: the CVSS scoring system is an indication of the security vulnerability associated with the score. JMS uses CVSS version 2.0 scoring system. The scores are provided by the National Vulnerability Database and denote the following:
    • 7 - 10: This library has vulnerabilities with High severity.
    • 4 - 6.9: This library has vulnerabilities with Medium severity.
    • 0.1 - 3.9: This library has vulnerabilities with Low severity.
    • 0: This library has no vulnerabilities.
    • Unknown: The severity of the vulnerabilities in this library is unknown. There could be a lack of information needed to determine the CVSS scores, but this doesn't guarantee that there are no vulnerabilities.
      Note

      • Scan for Java Libraries might not have identified all library dependencies of the application.
      • Analysis might not have identified all vulnerabilities.
      • There might be new vulnerabilities affecting your application as data is refreshed from the National Vulnerability Database on a weekly basis. The information block in Java Library Information page displays the date when the vulnerability data for the identified libraries was last refreshed. To detect these new vulnerabilities, we recommend you to perform the scan for Java libraries frequently.

      Therefore, the results of the analysis are not to be treated as absolute. You might need to run other security scans.

  • Application: the number of applications that use the libraries
  • Deployed Application: the deployed applications that use the libraries
  • Managed Instance: the number of instances where the libraries have been detected
  • First reported: date and time when the libraries were first detected
  • Last reported: date and time when the libraries were last reported

In the Items per page field, choose 10, 20, 50, or 100 items to display. Select the header of a column to sort the list based on the title of the column.

Select the library name to view the details. See Java Library Information.