The purpose of this article is to provide a list of commonly known vulnerabilities, along with an explanation of why the LoadMaster (LM) is not affected by each.
This article is not a comprehensive list of vulnerabilities going back to the dawn of the LoadMaster, nor is it a best-practice security guide.

| CVE Entry | Affected Libraries | Fixed Version | Comments |
|---|---|---|---|
| CVE-2021-3156 | Sudoedit Linux | N/A | Not vulnerable. This is a sudoedit issue on Linux and is not applicable to LM. |
| CVE-2021-1732 | Windows NETLOGON | N/A | Not applicable to LM. This is a Windows issue. |
| CVE-2020-15598 | ModSecurity v3 | N/A | LoadMaster is not vulnerable as it runs the ModSecurity v2.9 release line. |
| CVE-2019-16905 | openssh | 7.7, 7.9, 8.x - 8.1 | NA. Not vulnerable. This is experimental code which is not built as part of LMOS. |
| CVE-2019-0190 | openssl | 1.1.1 | NA. Not relevant to LMOS; only relevant to Apache HTTP server. |
| CVE-2019-1551 | openssl | 1.1.1 | NA. This is with 512-bit moduli, i.e. a 512 HD random key. The default is for 2K keys, so this is not relevant. |
| | openssl | 1.1.1 | NA. sslproxy forks first and then starts openssl, so this is not applicable. |
| CVE-2019-1563 | openssl | 1.1.1 | NA. The LM does not use PKCS7 or CMS, and it always uses a certificate. |
| CVE-2019-1547 | openssl | 1.1.1 | NA. The LM only uses the libssl interface, which is indicated to be not vulnerable. |