Apache is used in various web portals on Check Point Security Gateways and Management.
Things like the Gaia WebUI, Mobile Access Blade, UserCheck portal, etc.
The CVEs you mention specifically aren't relevant as they are only relevant to precise versions of Apache that we are not using.
The only potentially problematic CVE of the bunch listed in sk176113 (in my opinion) is CVE-2021-40438.
At least as I understand it, this could be used to "hop" into a resource behind the gateway.
Unless the attacker knows intimate details about the internal network, it's not clear how effective exploiting this issue would be, particularly without getting detected.
I presume this CVE is what drove the need for patches, which is why they are being offered out of band of the regular JHF.