In some cases vulnerability scanners will tell you that there is a vulnerable version of Java installed but not tell you where it is. This is a short post on solving that problem – for Linux machines.
Run the following code :-
for j in $(find / -type f -executable -name java) do echo $j, $($j -version 2>&1 |head -n 1) done 2> /dev/null
And you will get a list of pathnames to java binaries with the version shown after the comma :-
/opt/java_splunk/jdk1.8.0_212/bin/java, java version "1.8.0_212" /opt/java_splunk/jdk1.8.0_212/jre/bin/java, java version "1.8.0_212"