Vulnerability Report till FNP-11.19.4 (Quick Reference)

| # | Vulnerability ID | Affected Module | FNP Component | JIRA (If any, Internal For Revenera) | Fixed in Release | Comments | CVSS2 |
|---|---|---|---|---|---|---|---|
| 1 | CVE-2020-11984 | apache | lmadmin.exe | FNP-23859 | FNP v11.17.2 | | |
| 2 | CVE-2020-9490 | apache | lmadmin.exe | FNP-23860 | FNP v11.17.2 | | |
| 3 | CVE-2020-11993 | apache | lmadmin.exe | FNP-23861 | FNP v11.17.2 | | |
| 4 | CVE-2014-3596 | axis | axis.jar | FNP-24232 | | Under assessment with Engineering | 5.8 |
| 5 | CVE-2012-5784 | axis | axis.jar | FNP-24232 | | Under assessment with Engineering | 5.8 |
| 6 | CVE-2019-0227 | axis | axis.jar | FNP-24232 | | Under assessment with Engineering | 5.4 |
| 7 | CVE-2018-8032 | axis | axis.jar | FNP-24232 | | Under assessment with Engineering | 4.3 |
| 8 | CVE-2018-20843 | expat | haspsrm_win64.dll | FNP-22651 | FNP v11.17.2 | | |
| 9 | CVE-2019-15903 | expat | haspsrm_win64.dll | FNP-22651 | FNP v11.17.2 | | |
| 10 | CVE-2019-7659 | gsoap | lmadmin.exe | FNP-20529 | Not an Issue with FNP | The vulnerability is introduced only if gsoap is built with the WITH_COOKIES flag enabled. In FNP, gsoap is built without WITH_COOKIES, so this vulnerability does not impact FnpCommsSoap.dll or FNP. | |
| 11 | CVE-2007-6059 | javamail | mail.jar | FNP-17545 | | Javamail Vulnerability - Sun disputes this issue, stating "The report makes references to source code and files that do not exist in the mentioned products." | |
| 12 | CVE-2020-24977 | libxml2 | lmadmin.exe | FNP-23595 | | Under assessment with Engineering | 6.4 |
| 13 | CVE-2019-1563 | openssl | libcrypto-1_1-x64.dll | No Issues Reported Yet | I see that OpenSSL version in FNP-11.17.1 is 1.1.0k. So, this shouldn't have been reported in v11.17.1 lmadmin | Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s) | 4.3 |
| 14 | CVE-2020-14155 | pcre | lmadmin.exe | FNP-23271 | FNP v11.17.2 | | |
| 15 | CVE-2018-1311 | xerces-c++ | xerces-c_3_2.dll | FNP-22313 | No Fix Needed for FNP | The reported vulnerability has not been resolved in any published version of xerces, so we cannot update to a version with the vulnerability resolved. It can be mitigated by disabling DTD processing when using the xerces parser. On analysis of lmadmin, we found that DTD processing has long been disabled when using the DOM parser. Thus lmadmin is not vulnerable to CVE-2018-1311 and no fix is required. | |
| 16 | CVE-2016-9840 | zlib | hasp_rt.exe | FNP-19942 && FNP-17545 | FNP v11.17.2 | | |
| 17 | CVE-2016-9841 | zlib | hasp_rt.exe | FNP-19942 && FNP-17545 | FNP v11.17.2 | | |
| 18 | CVE-2016-9842 | zlib | hasp_rt.exe | FNP-19942 && FNP-17545 | FNP v11.17.2 | | |
| 19 | CVE-2016-9843 | zlib | hasp_rt.exe | FNP-19942 && FNP-17545 | FNP v11.17.2 | | |
| 20 | CVE-2020-7595, CVE-2019-20388, CVE-2020-24977 | libxml2 | lmadmin | FNP-23595 | FNP v11.18.1 | Multiple vulnerabilities were found in libxml2 v2.9.10, which is used by lmadmin. The latest available patches were applied to libxml2 to resolve the vulnerabilities CVE-2020-7595, CVE-2019-20388 and CVE-2020-24977. | |
| 21 | CVE-2021-3450 | openssl | lmadmin | FNP-25063 | FNP v11.18.1 | The CVE-2021-3450 vulnerability is seen with openssl-1.1.1i in the 11.18.1.0 release. It will be resolved in a successive FNP release. | |
| 22 | CVE-1999-0236, CVE-1999-1412, CVE-2007-0086 | apache | lmgrd, lmadmin and utility | FNP-25244 | FNP v11.18.2 | The vulnerabilities CVE-1999-0236, CVE-1999-1412, and CVE-2007-0086, which were observed through Code Insight Scan, have been resolved. | 10.0 |
| 23 | CVE-2022-40303 | | libxml2 | FNP-27980, FNP-27932 | FNP v11.19.4 | The vulnerabilities CVE-2022-40303 and CVE-2022-40304 are fixed by upgrading libxml2 from version 2.9.14 to version 2.10.3. | |

Comments

Now, that saved my day!!!! Thanks a lot.

Version history
Last update: Sep 07, 2023 06:59 AM