Vulnerabilities > Apache > Solr > 6.2.1

DATE CVE VULNERABILITY TITLE RISK
2020-04-01 CVE-2018-11802 Incorrect Authorization vulnerability in Apache Solr
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection.
network
low complexity
apache CWE-863
4.3
4.3
2019-12-30 CVE-2019-17558 Injection vulnerability in multiple products
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter.
network
high complexity
apache oracle CWE-74
7.5
7.5
2019-08-01 CVE-2019-0193 Code Injection vulnerability in multiple products
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter.
network
low complexity
apache debian CWE-94
7.2
7.2
2019-03-08 CVE-2017-3164 Server-Side Request Forgery (SSRF) vulnerability in Apache Solr
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive).
network
low complexity
apache CWE-918
7.5
7.5
2019-03-07 CVE-2019-0192 Deserialization of Untrusted Data vulnerability in multiple products
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request.
network
low complexity
apache netapp CWE-502
critical
 9.8
9.8
2018-07-05 CVE-2018-8026 XXE vulnerability in multiple products
This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file).
local
low complexity
apache netapp CWE-611
5.5
5.5
2018-05-21 CVE-2018-8010 XXE vulnerability in Apache Solr
This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema).
local
low complexity
apache CWE-611
5.5
5.5
2018-04-09 CVE-2018-1308 XXE vulnerability in multiple products
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler.
network
low complexity
apache debian CWE-611
7.5
7.5
2017-10-14 CVE-2017-12629 XXE vulnerability in multiple products
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class.
network
low complexity
apache redhat debian canonical CWE-611
critical
 9.8
9.8
2017-09-18 CVE-2017-9803 Improper Authentication vulnerability in Apache Solr
Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application.
network
high complexity
apache CWE-287
7.5
7.5