Skip to main content
N
NT_1271119112-Amethyst
12-Amethyst
January 9, 2025
Solved

Amazon Corretto Java Vulnerability

  • January 9, 2025
  • 3 replies
  • 2125 views

We have two Creo Citrix Windows 2019 servers that have been flagged for a software vulnerability. This is the PTC Creo Parametric version 9.10.1.0. It states that the following software has been installed in this path: C:\Program Files\PTC\Creo 9.0.1.0\Common Files\x86e_win64\gpost\ncjlibs\  is version 11.0.11.9.1 but the fixed version is 11.0.14.10.1.

 

 

When I went to the AWS website the it shows that available version is actually 11.0.25. Should I use this version? Does this have any impact on how the Creo software functions?

 

Please let me know if you need any additional information. Thank you. 

Best answer by NT_12711191

I ended up upgrading to Creo to 11.0.4.0. I also upgraded Amazon Corretto Java to 17.0.15.6 and this removed the Java security vulnerabilities for the Creo Citrix Windows 2019 servers. 

3 replies

V
24-Ruby III
VladimirN24-Ruby III
24-Ruby III
January 9, 2025

Take a look:

N
NT_1271119112-AmethystAuthor
12-Amethyst
January 15, 2025

Thank you. I noticed that in the list of installed programs Amazon Corretto is already on 11.0.16.9 which would address the vulnerability. However, the vulnerability report is pointing to this file path C:\Program Files\PTC\Creo 9.0.1.0\Common Files\x86e_win64\gpost\ncjlibs\ which is still on 11.0.11. I'll work to address this issue. 

Catalina
CatalinaCommunity Manager
Community Moderator
February 14, 2025

Hi @NT_12711191 ,

I wanted to see if you got the help you needed.

If so, please mark the appropriate reply as the Accepted Solution or please feel free to detail in a reply what has helped you and mark it as the Accepted Solution. It will help other members who may have the same question.

Of course, if you have more to share on your issue, please pursue the conversation.

Thanks,

Catalina | PTC Community Moderator
R
RandyJones20-Turquoise
20-Turquoise
January 9, 2025

Take a look at the "release" file in the jre directory. From my 9.0.8.0 release:

C:\ptc\creo_parametric-9.0\Creo 9.0.8.0\Common Files\x86e_win64\gpost\ncjlibs\jre\release

 

IMPLEMENTOR="Eclipse Adoptium"
IMPLEMENTOR_VERSION="Temurin-11.0.16+8"
JAVA_VERSION="11.0.16"
JAVA_VERSION_DATE="2022-07-19"
LIBC="default"
MODULES="java.base java.compiler java.datatransfer java.xml java.prefs java.desktop java.instrument java.logging java.management java.security.sasl java.naming java.rmi java.management.rmi java.net.http java.scripting java.security.jgss java.transaction.xa java.sql java.sql.rowset java.xml.crypto java.se java.smartcardio jdk.accessibility jdk.internal.vm.ci jdk.management jdk.unsupported jdk.internal.vm.compiler jdk.aot jdk.internal.jvmstat jdk.attach jdk.charsets jdk.compiler jdk.crypto.ec jdk.crypto.cryptoki jdk.crypto.mscapi jdk.dynalink jdk.internal.ed jdk.editpad jdk.hotspot.agent jdk.httpserver jdk.internal.le jdk.internal.opt jdk.internal.vm.compiler.management jdk.jartool jdk.javadoc jdk.jcmd jdk.management.agent jdk.jconsole jdk.jdeps jdk.jdwp.agent jdk.jdi jdk.jfr jdk.jlink jdk.jshell jdk.jsobject jdk.jstatd jdk.localedata jdk.management.jfr jdk.naming.dns jdk.naming.ldap jdk.naming.rmi jdk.net jdk.pack jdk.rmic jdk.scripting.nashorn jdk.scripting.nashorn.shell jdk.sctp jdk.security.auth jdk.security.jgss jdk.unsupported.desktop jdk.xml.dom jdk.zipfs"
OS_ARCH="x86_64"
OS_NAME="Windows"
SOURCE=".:git:7c1302165968"
BUILD_SOURCE="git:9f94df3"
BUILD_SOURCE_REPO="https://github.com/adoptium/temurin-build.git"
SOURCE_REPO="https://github.com/adoptium/jdk11u.git"
FULL_VERSION="11.0.16+8"
SEMANTIC_VERSION="11.0.16+8"
BUILD_INFO="OS: Windows Server 2012 R2 Version: 6.3"
JVM_VARIANT="Hotspot"
JVM_VERSION="11.0.16+8"
IMAGE_TYPE="JRE"

 

This jre runtime is from Adoptium. So to update it simply go to the adoptium web site:

https://adoptium.net/

https://adoptium.net/temurin/releases/?os=windows&arch=x64&package=jre&version=11

 

Select the latest Windows x64 jre version 11 runtime zip file, download, extract, and replace jre with the updated version

 

 

N
NT_1271119112-AmethystAuthor
12-Amethyst
January 15, 2025

Thank you. 

N
NT_1271119112-AmethystAuthorAnswer
12-Amethyst
June 9, 2025

I ended up upgrading to Creo to 11.0.4.0. I also upgraded Amazon Corretto Java to 17.0.15.6 and this removed the Java security vulnerabilities for the Creo Citrix Windows 2019 servers. 

    Terms & ConditionsCookie settingsAccessibility statement