This "HP Mercury LoadRunner Agent Remote Command Execution" vulnerability is a very old (2010) bug that was fixed by upgrading to a LoadRunner version 9.5 or higher. Since you are using LRE 2021 (10 major versions newer than the 9.0/9.1) it may be a false positive as many of the effected .dll files were reworked/updated but the file names remain the same.
Currently, there are no known security vulnerabilities with LRE 2021 software.
- Are there any old versions 12.60 or lower (HP or HPE) folders, still on the machine(s). Many times uninstallers don't delete all the old application folders/subfolders?
According to Micro Focus this "vulnerability" is a false positive:
“Even if they ( companies) enable SSL, the tenable scanner which reported the vulnerability will still report it as it associates our agent with the known CVE.
However, if SSL is enabled this reported vulnerability becomes a false positive so it can be discarded from the scanner results.”