Java Libraries

Click Java libraries to view the list of Java libraries associated with the selected fleet.

The Java libraries detected during the Scan for Java Libraries are listed in the table.

The following Java libraries information is presented in the table:

  • Library: application Java libraries that were detected during the scan
  • Version: version number of the Java library
  • CVE ID: a Common Vulnerabilities and Exposures (CVE) ID number is a unique identifier associated with a specific vulnerability in a computer system or software. Click the associated link to view the details on the National Vulnerability Database (NVD) site.
  • CVSS score: the CVSS scoring system is an indication of the security vulnerability associated with the score. JMS uses CVSS version 2.0 scoring system. The scores are provided by the National Vulnerability Database and denote the following:
    • 7 - 10: This library has vulnerabilities with High severity.
    • 4 - 6.9: This library has vulnerabilities with Medium severity.
    • 0.1 - 3.9: This library has vulnerabilities with Low severity.
    • 0: This library has no vulnerabilities.
    • Unknown: The severity of the vulnerabilities in this library is unknown. There could be a lack of information needed to determine the CVSS scores, but this doesn't guarantee that there are no vulnerabilities.

      • Scan for Java Libraries might not have identified all library dependencies of the application.
      • Analysis might not have identified all vulnerabilities.
      • There might be new vulnerabilities affecting your application as data is refreshed from the National Vulnerability Database on a weekly basis. The information block in Java Library Details page displays the date when the vulnerability data for the identified libraries was last refreshed. To detect these new vulnerabilities, we recommend you to perform the scan for Java libraries frequently.

      Therefore, the results of the analysis are not to be treated as absolute. You might need to run other security scans.

  • Application: the number of applications that use the libraries
  • Deployed Application: the deployed applications that use the libraries
  • Managed Instance: the number of instances where the libraries have been detected
  • First reported: date and time when the libraries were first detected
  • Last reported: date and time when the libraries were last reported

Click the library name to view the details. See Java Library Details.