Vulnerability Report till FNP-11.17.1 (Quick Reference)


| # | Vulnerability ID | Affected Module | FNP Component | JIRA (If any, Internal For Revenera) | Fixed in Release | Comments | CVSS2 |
|---|---|---|---|---|---|---|---|
| 1 | CVE-2020-11984 | apache | lmadmin.exe | FNP-23859 | FNP v11.17.2 | | |
| 2 | CVE-2020-9490 | apache | lmadmin.exe | FNP-23860 | FNP v11.17.2 | | |
| 3 | CVE-2020-11993 | apache | lmadmin.exe | FNP-23861 | FNP v11.17.2 | | |
| 4 | CVE-2014-3596 | axis | axis.jar | FNP-24232 | | Under assessment with Engineering | 5.8 |
| 5 | CVE-2012-5784 | axis | axis.jar | FNP-24232 | | Under assessment with Engineering | 5.8 |
| 6 | CVE-2019-0227 | axis | axis.jar | FNP-24232 | | Under assessment with Engineering | 5.4 |
| 7 | CVE-2018-8032 | axis | axis.jar | FNP-24232 | | Under assessment with Engineering | 4.3 |
| 8 | CVE-2018-20843 | expat | haspsrm_win64.dll | FNP-22651 | FNP v11.17.2 | | |
| 9 | CVE-2019-15903 | expat | haspsrm_win64.dll | FNP-22651 | FNP v11.17.2 | | |
| 10 | CVE-2019-7659 | gsoap | lmadmin.exe | FNP-20529 | Not an Issue with FNP | The vulnerability is introduced only if gsoap is built with the WITH_COOKIES flag enabled. In FNP, gsoap is built without WITH_COOKIES. Hence, the mentioned vulnerability will not impact FnpCommsSoap.dll or FNP. | |
| 11 | CVE-2007-6059 | javamail | mail.jar | FNP-17545 | | Javamail Vulnerability - Sun disputes this issue, stating "The report makes references to source code and files that do not exist in the mentioned products." | |
| 12 | CVE-2020-24977 | libxml2 | lmadmin.exe | FNP-23595 | | Under assessment with Engineering | 6.4 |
| 13 | CVE-2019-1563 | openssl | libcrypto-1_1-x64.dll | No Issues Reported Yet | I see that OpenSSL version in FNP-11.17.1 is 1.1.0k. So, this shouldn't have been reported in v11.17.1 lmadmin | Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s) | 4.3 |
| 14 | CVE-2020-14155 | pcre | lmadmin.exe | FNP-23271 | FNP v11.17.2 | | |
| 15 | CVE-2018-1311 | xerces-c++ | xerces-c_3_2.dll | FNP-22313 | No Fix Needed for FNP | The reported vulnerability has not been resolved in any of the published versions of xerces, so we cannot update to a version in which it is fixed. It can, however, be mitigated by disabling DTD processing when using the xerces parser. On analysis of lmadmin, we found that DTD processing has already been disabled in the DOM parser for a long time. Thus lmadmin is not vulnerable to CVE-2018-1311 and no fix is required for it. | |
| 16 | CVE-2016-9840 | zlib | hasp_rt.exe | FNP-19942 && FNP-17545 | FNP v11.17.2 | | |
| 17 | CVE-2016-9841 | zlib | hasp_rt.exe | FNP-19942 && FNP-17545 | FNP v11.17.2 | | |
| 18 | CVE-2016-9842 | zlib | hasp_rt.exe | FNP-19942 && FNP-17545 | FNP v11.17.2 | | |
| 19 | CVE-2016-9843 | zlib | hasp_rt.exe | FNP-19942 && FNP-17545 | FNP v11.17.2 | | |

Comments

Now, that saved my day!!!! Thanks a lot.

Version history
Revision #: 1 of 1
Last update: Nov 10, 2020 06:30 PM