Siteminder Access Gateway ships bundled with an instance of Apache HTTP Server. The following is a list of Apache HTTP Server versions by Siteminder Access Gateway version:
Access Gateway r12.8.4: Apache HTTP Server 2.4.43
Access Gateway r12.8.5: Apache HTTP Server 2.4.46
Access Gateway r12.8.6: Apache HTTP Server 2.4.48
Access Gateway r12.8.6a: Apache HTTP Server 2.4.52
Access Gateway r12.8.7: Apache HTTP Server 2.4.54
KB 262099 delivers Apache HTTP Server 2.4.56 for Access Gateway Server.
KB 262099: Apache HTTP Server 2.4.56 for Access Gateway Server.
Security has reported critical issues CVE-2021-44224 and CVE-2021-44790 with the 2.4.51 version of Apache in SiteMinder.
Release: 12.8.05
Component: SITEMINDER SECURE PROXY SERVER
CVE-2021-44224: Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier
Description: A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery).
Impacted: Apache HTTP Server 2.4.7 up to 2.4.51
CVE-2021-44790: Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier
Severity: important
Description: A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability, though it might be possible to craft one.
Impacted: Apache HTTP Server 2.4.51 and earlier.
This KB is superseded by KB 262099 which delivers Apache HTTP Server 2.4.56 for Access Gateway Server.
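The following check is an added example, not code from the KB or from Broadcom: it compares a bundled httpd version against the two impacted ranges stated above and looks in a configuration file for the feature each CVE depends on (`ProxyRequests On` for CVE-2021-44224, a loaded `lua_module` for CVE-2021-44790). The function names and the sample input are assumptions made for illustration; the check does not follow `Include` files and does not inspect Lua scripts for `r:parsebody()` calls.

```python
import re

# Bundled httpd per Access Gateway release, copied from the list on this page.
BUNDLED = {"r12.8.4": "2.4.43", "r12.8.5": "2.4.46", "r12.8.6": "2.4.48",
           "r12.8.6a": "2.4.52", "r12.8.7": "2.4.54"}

def parse_version(text):
    """Return (major, minor, patch) from `httpd -v` output or a bare version."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no httpd version in {text!r}")
    return tuple(int(p) for p in m.groups())

def directives(conf_text):
    """Yield (lowercased name, argument string) for each uncommented line."""
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            yield parts[0].lower(), parts[1] if len(parts) > 1 else ""

def assess(version_text, conf_text):
    """Map each CVE whose version range matches to whether its feature is on."""
    v = parse_version(version_text)
    found = list(directives(conf_text))
    forward_proxy = any(n == "proxyrequests" and a.strip().lower() == "on"
                        for n, a in found)
    mod_lua = any(n == "loadmodule" and a.split()[:1] == ["lua_module"]
                  for n, a in found)
    result = {}
    if (2, 4, 7) <= v <= (2, 4, 51):   # CVE-2021-44224: 2.4.7 up to 2.4.51
        result["CVE-2021-44224"] = forward_proxy
    if v <= (2, 4, 51):                # CVE-2021-44790: 2.4.51 and earlier
        result["CVE-2021-44790"] = mod_lua
    return result

# Constructed sample input, not taken from a real gateway.
SAMPLE_VERSION = "Server version: Apache/2.4.46 (Unix)"
SAMPLE_CONF = """
# LoadModule lua_module modules/mod_lua.so
LoadModule proxy_module modules/mod_proxy.so
ProxyRequests On
"""

if __name__ == "__main__":
    print(assess(SAMPLE_VERSION, SAMPLE_CONF))
    for release, version in BUNDLED.items():
        print(release, version, sorted(assess(version, "")))
```

A CVE key that is absent from the result means the version is outside that CVE's impacted range; a key mapped to `False` means the version is in range but the dependent directive was not found in the file that was checked.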