Can Java be updated if my current version has vulnerabilities?

OpenJDK can be upgraded within the minor build version but this should only be done as a last option. If you are not on the latest version of the on-prem EDR Server, upgrade that first and verify the current version is outside the vulnerability. 

Although we do not foresee issues with upgrading Java OpenJDK, this is done at your own risk. QA testing is done on the version shipped with each CB EDR Server version only. VMWare CB does not install the Java JDK, so we recommend following the guidelines provided by the OS provider.