Visit Azul.com Support

Viewing Detected CVEs in the Web UI

Need help?
Schedule a consultation with an Azul performance expert.
Contact Us
Talk about OpenJDK?
Discuss with the community on the Foojay Forum.
Go to Forum

The Web UI is easiest for looking at data quickly. Use the CVE Analysis view to monitor if your applications have executed code known to be affected by a CVE. Open the web UI and select "Vulnerability Detection".

The table shows all CVEs that have been detected in the classes loaded by your instances. The CVE Status column indicates whether the vulnerable code has been executed or not:

  • USED: The instance has executed the code affected by the CVE.

  • PRESENT: The CVE is present in the classes loaded by the instance, but the instance has not executed the code containing the CVE.

Column Description

Component

The name of the component.
If a known component is detected, its name is shown. In all other cases, the jar-filename is in this column.

Version

The component version.

CVE

The CVE ID. If the component is not affected by any CVE, the column contains the string "No CVE impact".

CVE Score

The CVE score.

CVE Status

Indicates whether the code containing the CVE has been executed.

Timestamp

The timestamp when the CVE was detected.

Hostname

The hostname of the instance host machine.

Instance ID

The instance ID. An instance prints its ID to the console at startup if you enable logging of instance IDs.
Note
 For a short time (a few minutes) after a JVM starts, it will be shown in this overview but no components are listed yet. As soon as vulnerabilities analysis has been performed for the first time, the list will contain the correct data for this new JVM.