Yesterday I installed the Insight Agent on the Rapid7 Insight Collector and today I saw that this server has many java related vulnerabilities. It turned out that with the installation of the collector application, apparently outdated java lib is included.
Has anyone else noticed this? If so, how do you deal with it?
For me, this finding is a bit embarrassing, as we push the patching of Java from our side. But we use systems that also work with outdated Java components.
I have also noticed this - will be watching if anyone has an answer.
Interestingly, these vulnerabilities have now disappeared.
This is all what is left:
I do not know if Rapid7 already fixed this issue. In fact, I mentioned this in another support case and asked that they update the Java components in the software.