jschier

Vulnerabilities (critical, high, medium) detected in FNP 11.18.2.0

We detected some vulnerabilities in FNP 11.18.2.0, and for each of them we want to know whether lmadmin is affected by the vulnerability and, if yes, whether there is any mitigation.

openssl v1.1.1k:
- CVE-2021-3711 (9.8 CVSS v3)
- CVE-2021-3712 (7.4 CVSS v3)

apache portable runtime (apr) v1.6.5:
- CVE-2021-35940 (7.1 CVSS v3)

apache httpd v2.4.48:
- CVE-2021-33193 (7.5 CVSS v3)
- CVE-2021-32785 (7.5 CVSS v3)
- CVE-2021-32786 (6.1 CVSS v3)
- CVE-2021-32792 (6.1 CVSS v3)
- CVE-2021-32791 (5.9 CVSS v3)

Thanks in advance!

1 Reply
jyadav
Revenera

@jschier 

- CVE-2021-3711 (9.8 CVSS v3)
- CVE-2021-3712 (7.4 CVSS v3)
- CVE-2021-35940 (7.1 CVSS v3)

are fixed in 11.18.3.

CVE-2021-32786, CVE-2021-32792, CVE-2021-32785, CVE-2021-32791 are NOT applicable because the affected functionality, OpenID of apache httpd, is NOT used by lmadmin, according to our Engineering team.

 
