cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
jschier
Level 3

Vulnerabilities (critical, high, medium) detected in FNP 11.18.2.0

We detected some vulnerabilities in FNP 11.18.2.0 and we want to know for each of them if the lmadmin is affected from that vulnerabilities and if yes, if there is any mitigation. 

openssl v1.1.1k:
- CVE-2021-3711 (9.8 CVSS v3)
- CVE-2021-3712 (7.4 CVSS v3)

apache portable runtime (apr) v1.6.5:
CVE-2021-35940 (7.1 CVSS v3)

apache httpd v2.4.48:
- CVE-2021-33193 (7.5 CVSS v3)
- CVE-2021-32785 (7.5 CVSS v3)
- CVE-2021-32786 (6.1 CVSS v3)
- CVE-2021-32792 (6.1 CVSS v3)
- CVE-2021-32791 (5.9 CVSS v3)

Thanks in advance!

(1) Reply
jyadav
Flexera Alumni

@jschier 

- CVE-2021-3711 (9.8 CVSS v3)
- CVE-2021-3712 (7.4 CVSS v3)

CVE-2021-35940 (7.1 CVSS v3) are fixed in 11.18.3

CVE-2021-32786, CVE-2021-32792, CVE-2021-32785, CVE-2021-32791 are NOT applicable because that affected functionality OpenID of apache httpd is NOT used by the lmadmin, according to our Engineering team.

 

0 Kudos