Out of Data Java detected in Solarwinds install

Question

We have NPM, NTA, IPAM, NCM, UDT, VM Manager.  When running vulnerability scans against our Orion server we see old versions of Java installed in the solarwinds root folder.  They don't show up in the install programs list but there in the solarwinds root.  Can I get rid of them?  If not can they be updated somehow to current versions?  If not, how do you remove them when they don't show up in the installed programs?

Path              : C:\Program Files (x86)\SolarWinds\Orion\OpenJDK\13\bin\java.exe  Installed version : 1.13.0_00  Latest versions   : 1.8.0_271 / 1.11.0_9 / 1.15.0_1  Support dates     : 2020-04-01 (end of life)  Path              : C:\Program Files (x86)\SolarWinds\Orion\OpenJDK\14\bin\java.exe  Installed version : 1.14.0_02  Latest versions   : 1.8.0_271 / 1.11.0_9 / 1.15.0_1  Support dates     : 2020-10-01 (end of life)

Path              : C:\Program Files (x86)\SolarWinds\Orion\OpenJDK\13\bin\java.exe  Installed version : 1.13.0_00  Fixed version     : 1.7.0_241 / 1.8.0_231 / 1.11.0_5 / 1.13.0_1

The following vulnerable instance of Java is installed on theremote host :  Path              : C:\Program Files (x86)\SolarWinds\Orion\OpenJDK\13\bin\java.exe  Installed version : 1.13.0_00  Fixed version     : 1.7.0_261 / 1.8.0_251 / 1.11.0_7 / 1.14.0_1

Path              : C:\Program Files (x86)\SolarWinds\Orion\OpenJDK\13\bin\java.exe  Installed version : 1.13.0_00  Fixed version     : 1.7.0_251 / 1.8.0_241 / 1.11.0_6 / 1.13.0_2

jblankjblank · Answer

@benny32 - https://support.solarwinds.com/SuccessCenter/s/article/Outdated-version-of-Java-in-VMAN-installation?language=en_US

jblankjblank · Answer

@benny32 To circle back the team is going to publish a public facing document for what can and should be removed and ensure these are also removed completely in future releases. Once I see that doc I will share it here.

jblankjblank · Answer

Yes - Thank you. I have created an internal case to have a look.