The problem you're describing is a known issue for R&D.
As far as I understand, the problem isn't relevant for UCMDB.
Please check following on the provided link: "These vulnerabilities are not applicable to Java running on servers". So, the only part that could be affected is client. Since client running on the remote customer system, JVM there could be updated accordingly.
Hope this helps.
Regards -Dmitry Gomel, PMP If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution. Click the Like button at the bottom to say 'Thanks'.