Undetected Java Installations

Hello everyone
Quick question to everyone. Is it possible that the Scan Engines do not detect java binaries that are not installed on the default path? We are currently fixing outdated java installations to reduce the high number of vulnerabilities. On a test system, we found out that no more Java vulnerabilities were found, but an outdated Java binary was still installed. However, on a rather unusual path. This binary was installed by a thrid party application in the corresponding path of the thrid party application.
How do you deal with such cases?
Best regards