There isn't a way to upgrade components of the LEM except through the releases from Solarwinds. These include updates to the LEM software, database, OS and other components.
However, looking at Apache's website, there appears to have only been one fix in the one newer release of Apache:
Apache Tomcat - Apache Tomcat 6 vulnerabilities
And that's CVE-2014-0227, which they didn't make public until February 2015. Since 6.1.0 was released in January, and the dev team seems to favor known stable releases vs. bleeding edge, there wouldn't have been a reason to upgrade in the months before February. I would bet that you'll see Apache updated when the next release comes out for LEM later this year, though.
At the same time, your LEM's web interface shouldn't be facing the public internet. If you find someone exploiting vulnerabilities from inside your network, you should probably discipline/fire them. You can also control who has access to the LEM's web console using commands in the CMC shell via the virtual machine console or an SSH session.
