
Vulnerabilities (critical, high, medium) detected in FNP

We detected some vulnerabilities in FNP and we want to know, for each of them, whether lmadmin is affected by the vulnerability and, if yes, whether there is any mitigation.

openssl v1.1.1k:
- CVE-2021-3711 (9.8 CVSS v3)
- CVE-2021-3712 (7.4 CVSS v3)

apache portable runtime (apr) v1.6.5:
- CVE-2021-35940 (7.1 CVSS v3)

apache httpd v2.4.48:
- CVE-2021-33193 (7.5 CVSS v3)
- CVE-2021-32785 (7.5 CVSS v3)
- CVE-2021-32786 (6.1 CVSS v3)
- CVE-2021-32792 (6.1 CVSS v3)
- CVE-2021-32791 (5.9 CVSS v3)

Thanks in advance!

1 Reply


- CVE-2021-3711 (9.8 CVSS v3)
- CVE-2021-3712 (7.4 CVSS v3)

CVE-2021-35940 (7.1 CVSS v3) are fixed in 11.18.3

CVE-2021-32786, CVE-2021-32792, CVE-2021-32785, CVE-2021-32791 are NOT applicable because the affected functionality, OpenID of apache httpd, is NOT used by lmadmin, according to our Engineering team.


0 Kudos