Dear Valued Customer,
A vulnerability was identified in the lighttpd component, version 1.4.49, that is bundled with OpenLM Server version 5.6 and below. You can find more details about the vulnerability on the Tenable portal:
https://www.tenable.com/plugins/nessus/119607
The immediate resolution to this vulnerability is to upgrade to OpenLM Server version 21, which is built on a different platform (Kestrel), does not contain the above-mentioned issue, and overall improves the security of OpenLM products. You can find more details about the upgrade on the OpenLM website:
https://www.openlm.com/knowledge-base/upgrade-openlm-to-version-21-and-identity-service-configuration-kb1001/
The alternative for OpenLM version 5.6 and below is to use Microsoft’s IIS instead of the lighttpd server built into OpenLM Server. You can find more details about using OpenLM with IIS on the OpenLM website:
https://www.openlm.com/knowledge-base/configuring-openlm-easyadmin-use-microsoft-iis-10-kb800/
The OpenLM Team takes security very seriously. If you have any further questions, please contact our Support department at support@openlm.com.
Thank you,
Branislav Potoček,
VP Support & Services