Vulnerabilities > Apache > Solr > 6.6.2

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2020-08-17 | CVE-2020-13941 | Improper Input Validation vulnerability in Apache Solr | Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. | network, low complexity, apache, CWE-20, 8.8 |
| 2020-04-01 | CVE-2018-11802 | Incorrect Authorization vulnerability in Apache Solr | In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. | network, low complexity, apache, CWE-863, 4.0 |
| 2019-12-30 | CVE-2019-17558 | Injection vulnerability in multiple products | Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. | network, high complexity, apache oracle, CWE-74, 7.5 |
| 2019-08-01 | CVE-2019-0193 | Code Injection vulnerability in Apache Solr | In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. | network, low complexity, apache, CWE-94, 7.2 |
| 2019-03-08 | CVE-2017-3164 | Server-Side Request Forgery (SSRF) vulnerability in Apache Solr | Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). | network, low complexity, apache, CWE-918, 7.5 |
| 2019-03-07 | CVE-2019-0192 | Deserialization of Untrusted Data vulnerability in multiple products | In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows configuring the JMX server via an HTTP POST request. | network, low complexity, apache netapp, CWE-502, critical, 9.8 |
| 2018-07-05 | CVE-2018-8026 | XXE vulnerability in multiple products | This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). | local, low complexity, apache netapp, CWE-611, 2.1 |
| 2018-05-21 | CVE-2018-8010 | XXE vulnerability in Apache Solr | This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). | local, low complexity, apache, CWE-611, 5.5 |
| 2018-04-09 | CVE-2018-1308 | XXE vulnerability in multiple products | This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. | network, low complexity, apache debian, CWE-611, 7.5 |