Vulnerabilities > Apache > Solr > 5.4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-07 | CVE-2019-0192 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. | 9.8 |
| 2018-04-09 | CVE-2018-1308 | XXE vulnerability in multiple products This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. | 7.5 |
| 2017-08-30 | CVE-2017-3163 | Path Traversal vulnerability in Apache Solr When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. | 7.5 |
| 2017-07-07 | CVE-2017-7660 | Improper Authentication vulnerability in Apache Solr Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. | 7.5 |