Vulnerabilities > Apache > Solr > 7.0.0

DATE CVE VULNERABILITY TITLE RISK
2020-08-17 CVE-2020-13941 Improper Input Validation vulnerability in Apache Solr
Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0.
network
low complexity
apache CWE-20
8.8
8.8
2020-04-01 CVE-2018-11802 Incorrect Authorization vulnerability in Apache Solr
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection.
network
low complexity
apache CWE-863
4.3
4.3
2019-12-30 CVE-2019-17558 Injection vulnerability in multiple products
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter.
network
high complexity
apache oracle CWE-74
7.5
7.5
2019-08-01 CVE-2019-0193 Code Injection vulnerability in multiple products
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter.
network
low complexity
apache debian CWE-94
7.2
7.2
2019-03-08 CVE-2017-3164 Server-Side Request Forgery (SSRF) vulnerability in Apache Solr
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive).
network
low complexity
apache CWE-918
7.5
7.5
2018-07-05 CVE-2018-8026 XXE vulnerability in multiple products
This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file).
local
low complexity
apache netapp CWE-611
5.5
5.5
2018-05-21 CVE-2018-8010 XXE vulnerability in Apache Solr
This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema).
local
low complexity
apache CWE-611
5.5
5.5
2018-04-09 CVE-2018-1308 XXE vulnerability in multiple products
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler.
network
low complexity
apache debian CWE-611
7.5
7.5
2017-10-14 CVE-2017-12629 XXE vulnerability in multiple products
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class.
network
low complexity
apache redhat debian canonical CWE-611
critical
 9.8
9.8