Apache Solr vulnerabilities

Each entry gives the disclosure date, CVE identifier and title on the first line, then the advisory summary, then the attack vector, attack complexity, vendors the source associates with the entry, CWE, and CVSS base score with its severity band. Where the affected ranges in the advisories imply them, the fixed releases are noted.
2019-08-01  CVE-2019-0193  Code Injection vulnerability in multiple products
    In Apache Solr, the DataImportHandler (DIH), an optional but popular module for pulling data from databases and other sources, has a feature in which the whole DIH configuration can be supplied in a request's "dataConfig" parameter. Because that configuration may contain a script, anyone who can reach the DIH endpoint can get code execution on the Solr node.
    Vector: network | Complexity: low | Vendors: apache, debian | CWE-94 | CVSS 7.2 (high)
    Fixed in: 8.2.0, which ignores the dataConfig request parameter unless Solr is started with -Denable.dih.dataConfigParam=true.
2019-03-08  CVE-2017-3164  Server-Side Request Forgery (SSRF) vulnerability in Apache Solr
    Server-side request forgery in Apache Solr versions 1.3 through 7.6 (inclusive). The "shards" request parameter had no whitelist, so a remote attacker with access to the server could make Solr issue an HTTP GET request to any URL reachable from the node.
    Vector: network | Complexity: low | Vendors: apache | CWE-918 | CVSS 7.5 (high)
    Fixed in: 7.7.0, which introduced a shards whitelist (shardsWhitelist in solr.xml, or the solr.shardsWhitelist system property).
2019-03-07  CVE-2019-0192  Deserialization of Untrusted Data vulnerability in multiple products
    In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows the JMX server to be configured via an HTTP POST request. Pointing it at a malicious RMI server makes Solr deserialize attacker-controlled data, giving remote code execution on the Solr side.
    Vector: network | Complexity: low | Vendors: apache, netapp | CWE-502 | CVSS 9.8 (critical)
    Fixed in: no 5.x or 6.x fix release; the advisory recommends upgrading to 7.0 or later.
2018-07-05  CVE-2018-8026  XXE vulnerability in multiple products
    This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 is an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referenced from schema.xml, and the TIKA parsecontext config file). Exploiting it requires the ability to place a config file, hence the local vector.
    Vector: local | Complexity: low | Vendors: apache, netapp | CWE-611 | CVSS 5.5 (medium)
    Fixed in: 6.6.5 and 7.4.0.
2018-05-21  CVE-2018-8010  XXE vulnerability in Apache Solr
    This vulnerability in Apache Solr 6.0.0 to 6.6.3 and 7.0.0 to 7.3.0 is an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). As with CVE-2018-8026, the attacker must be able to supply a config file.
    Vector: local | Complexity: low | Vendors: apache | CWE-611 | CVSS 5.5 (medium)
    Fixed in: 6.6.4 and 7.3.1.
2018-04-09  CVE-2018-1308  XXE vulnerability in multiple products
    This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 is an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. Unlike the config-file XXEs above, the XML arrives in the request, so it is remotely reachable by anyone who can call the DIH endpoint.
    Vector: network | Complexity: low | Vendors: apache, debian | CWE-611 | CVSS 7.5 (high)
    Fixed in: 6.6.3 and 7.3.0.
2017-10-14  CVE-2017-12629  XXE vulnerability in multiple products
    Remote code execution in Apache Solr before 7.1 with Apache Lucene before 7.1: an XXE (reachable through the XML query parser, defType=xmlparser) is chained with a Config API add-listener command to register the RunExecutableListener class, which then runs an attacker-chosen executable when its configured event fires. The CWE reflects the XXE entry point; the impact is full code execution.
    Vector: network | Complexity: low | Vendors: apache, redhat, debian, canonical | CWE-611 | CVSS 9.8 (critical)
    Fixed in: 7.1.0 and 6.6.2. The interim mitigation was to start Solr with -Ddisable.configEdit=true, which disables Config API edits.
2017-09-18  CVE-2017-9803  Improper Authentication vulnerability in Apache Solr
    Apache Solr's Kerberos plugin can be configured to use delegation tokens, which let an application reuse the authentication of an end-user or of another application. A flaw in how those tokens were handled allowed them to be used beyond their intended scope.
    Vector: network | Complexity: high | Vendors: apache | CWE-287 | CVSS 7.5 (high)
    Fixed in: 6.6.1 and 7.0.0.
2017-08-30  CVE-2017-3163  Path Traversal vulnerability in Apache Solr
    When using the Index Replication feature, Apache Solr nodes pull index files from a master/leader node through an HTTP API that accepts a file name. The file name was not validated, so a crafted request containing path-traversal sequences could read any file accessible to the Solr server process.
    Vector: network | Complexity: low | Vendors: apache | CWE-22 | CVSS 7.5 (high)
    Fixed in: 5.5.4 and 6.4.1.
2017-07-07  CVE-2017-7660  Improper Authentication vulnerability in Apache Solr
    Apache Solr uses a PKI-based mechanism to secure inter-node communication when security is enabled. A specially crafted node name that does not exist in the cluster could be pointed at a malicious node, tricking the real nodes into treating it as a cluster member and accepting its requests.
    Vector: network | Complexity: low | Vendors: apache | CWE-287 | CVSS 7.5 (high)
    Fixed in: 5.5.5 and 6.6.0.
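The first thing a practitioner does with a list like this is check which entries apply to a running node. The following is an added example, not Apache Solr code or anything from the source page: it encodes the affected version ranges exactly as the entries above quote them and tests a version string against them. Only CVEs whose description above states a range are included (CVE-2019-0193 and the three 2017 authentication/replication entries give no range in the text and are left out). The version is read from the `lucene.solr-spec-version` field of a `/solr/admin/info/system` response; the JSON excerpt is constructed for the example, not a real capture.

```python
"""Triage a Solr version against the affected ranges quoted on this page.

Added example, not Apache Solr code. Ranges are transcribed from the entries
above; CVEs whose text gives no range are deliberately not encoded.
"""
import json
from typing import List, Tuple

Version = Tuple[int, int, int]


def parse_version(text: str) -> Version:
    """'7.3.1' -> (7, 3, 1); shorter strings are zero-padded, so '7.6' == '7.6.0'."""
    parts = [int(p) for p in text.strip().split(".")[:3]]
    while len(parts) < 3:
        parts.append(0)
    return parts[0], parts[1], parts[2]


# (CVE, lowest affected, highest affected, upper bound inclusive?) as quoted above.
# "before 7.1" (CVE-2017-12629) is the one exclusive upper bound.
AFFECTED_RANGES = [
    ("CVE-2017-3164", "1.3", "7.6", True),      # "1.3 until 7.6 (inclusive)"
    ("CVE-2019-0192", "5.0.0", "5.5.5", True),
    ("CVE-2019-0192", "6.0.0", "6.6.5", True),
    ("CVE-2018-8026", "6.0.0", "6.6.4", True),
    ("CVE-2018-8026", "7.0.0", "7.3.1", True),
    ("CVE-2018-8010", "6.0.0", "6.6.3", True),
    ("CVE-2018-8010", "7.0.0", "7.3.0", True),
    ("CVE-2018-1308", "1.2", "6.6.2", True),
    ("CVE-2018-1308", "7.0.0", "7.2.1", True),
    ("CVE-2017-12629", "0.0.0", "7.1", False),  # "before 7.1"
]


def affected_cves(version: str) -> List[str]:
    """Return the sorted, de-duplicated CVEs whose quoted range contains `version`."""
    v = parse_version(version)
    hits = set()
    for cve, low, high, inclusive in AFFECTED_RANGES:
        lo, hi = parse_version(low), parse_version(high)
        in_range = (lo <= v <= hi) if inclusive else (lo <= v < hi)
        if in_range:
            hits.add(cve)
    return sorted(hits)


def version_from_system_info(body: str) -> str:
    """Extract lucene.solr-spec-version from a /solr/admin/info/system JSON response."""
    return json.loads(body)["lucene"]["solr-spec-version"]


# Constructed excerpt of a /solr/admin/info/system response (not a real capture).
SAMPLE_SYSTEM_INFO = json.dumps({
    "responseHeader": {"status": 0, "QTime": 1},
    "lucene": {"solr-spec-version": "7.3.1", "lucene-spec-version": "7.3.1"},
})

if __name__ == "__main__":
    found = version_from_system_info(SAMPLE_SYSTEM_INFO)
    print(found, "->", ", ".join(affected_cves(found)) or "none of the listed ranges")
```

Zero-padding matters for the two-component bounds the advisories use: "7.6 inclusive" has to match the 7.6.0 release, and "before 7.1" has to exclude 7.1.0 while still catching 7.0.x. A node reporting 7.3.1 is flagged for CVE-2017-3164 and CVE-2018-8026 only, which matches the ranges above.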
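Several entries above are exploited through request parameters that Solr writes to its request log (the inline DIH `dataConfig` of CVE-2019-0193 and CVE-2018-1308, the replication `file` name of CVE-2017-3163, the `shards` target of CVE-2017-3164), while the Config API abuses (CVE-2017-12629, CVE-2019-0192) arrive as JSON POST bodies that the request log does not show, but persist in the config set's configoverlay.json. The following added example, not Apache Solr code, runs detection logic over both. The log lines, the overlay excerpt and the trusted-host set are constructed for the example; a deployment would substitute its own node list, and the overlay walk is structure-agnostic so it does not depend on the exact layout Solr writes.

```python
"""Flag request-log lines and Config API overlay content that match the
exploitation patterns of the Solr CVEs listed above.

Added example, not Apache Solr code. Sample data is constructed, in the shape
Solr uses ("path=... params={...} status=... QTime=...").
"""
import re
from typing import Any, Dict, List, Tuple
from urllib.parse import parse_qsl, unquote

# Hosts that may legitimately appear in a `shards=` parameter (assumed for the example).
TRUSTED_SHARD_HOSTS = {"solr1.internal", "solr2.internal"}

LINE_RE = re.compile(r"path=(?P<path>\S+) params=\{(?P<params>.*?)\} status=")

# Constructed request-log lines, not real captures.
SAMPLE_LOG = """\
INFO  (qtp-21) [   x:products] o.a.s.c.S.Request [products]  webapp=/solr path=/select params={q=*:*&rows=10} status=0 QTime=3
INFO  (qtp-22) [   x:products] o.a.s.c.S.Request [products]  webapp=/solr path=/dataimport params={command=full-import&dataConfig=%3CdataConfig%3E%3Cscript%3Efunction%20f()%7B%7D%3C%2Fscript%3E%3C%2FdataConfig%3E} status=0 QTime=40
INFO  (qtp-23) [   x:products] o.a.s.c.S.Request [products]  webapp=/solr path=/replication params={command=filecontent&file=../../../../etc/passwd&wt=filestream} status=0 QTime=1
INFO  (qtp-24) [   x:products] o.a.s.c.S.Request [products]  webapp=/solr path=/select params={q=*:*&shards=169.254.169.254/latest/meta-data/} status=0 QTime=110
INFO  (qtp-25) [   x:products] o.a.s.c.S.Request [products]  webapp=/solr path=/select params={q=*:*&shards=solr2.internal:8983/solr/products} status=0 QTime=12
"""


def _parse_params(raw: str) -> Dict[str, List[str]]:
    """Decode the {k=v&k=v} blob from the log; repeated keys keep every value."""
    out: Dict[str, List[str]] = {}
    for key, value in parse_qsl(raw, keep_blank_values=True):
        out.setdefault(key, []).append(value)
    return out


def _shard_hosts(shards_value: str) -> List[str]:
    """'h1:8983/solr/c|h2:8983/solr/c,h3/x' -> ['h1', 'h2', 'h3'] ('|' = replica alternatives)."""
    hosts = []
    for group in shards_value.split(","):
        for alt in group.split("|"):
            alt = re.sub(r"^https?://", "", alt.strip())
            if alt:
                hosts.append(alt.split("/", 1)[0].rsplit(":", 1)[0])
    return hosts


def scan_log(text: str) -> List[Tuple[int, str, str]]:
    """Return (line number, CVE, detail) for each suspicious request-log line."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.search(line)
        if not m:
            continue
        path, params = m.group("path"), _parse_params(m.group("params"))
        # CVE-2019-0193 / CVE-2018-1308: the whole DIH config arrives in the request.
        if path.endswith("/dataimport") and "dataConfig" in params:
            findings.append((n, "CVE-2019-0193/CVE-2018-1308", "inline dataConfig sent to DataImportHandler"))
        # CVE-2017-3163: replication fetch of a file name that escapes the index directory.
        if path.endswith("/replication"):
            for name in params.get("file", []) + params.get("cf", []):
                segments = unquote(name).replace("\\", "/").split("/")  # second decode catches double-encoding
                if ".." in segments or name.startswith("/"):
                    findings.append((n, "CVE-2017-3163", f"path traversal in replication file name {name!r}"))
        # CVE-2017-3164: shards= aimed at anything other than known cluster nodes.
        for shards in params.get("shards", []):
            for host in _shard_hosts(shards):
                if host not in TRUSTED_SHARD_HOSTS:
                    findings.append((n, "CVE-2017-3164", f"shards parameter targets untrusted host {host!r}"))
    return findings


def scan_config_overlay(node: Any, path: str = "$") -> List[Tuple[str, str, str]]:
    """Walk parsed configoverlay.json and flag RunExecutableListener (CVE-2017-12629)
    and JMX service URLs (CVE-2019-0192) wherever they sit in the structure."""
    hits: List[Tuple[str, str, str]] = []
    if isinstance(node, dict):
        for key, value in node.items():
            hits += scan_config_overlay(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits += scan_config_overlay(value, f"{path}[{i}]")
    elif isinstance(node, str):
        if "RunExecutableListener" in node:
            hits.append((path, "CVE-2017-12629", "RunExecutableListener registered via Config API"))
        if node.startswith("service:jmx:"):
            hits.append((path, "CVE-2019-0192", f"JMX service URL set via Config API: {node}"))
    return hits


# Constructed overlay content; the layout is approximated, which is why the scan is structure-agnostic.
SAMPLE_OVERLAY = {
    "listener": [{"event": "newSearcher", "name": "l1", "class": "solr.RunExecutableListener", "exe": "sh"}],
    "props": {"jmx.serviceUrl": "service:jmx:rmi:///jndi/rmi://10.0.0.9:1099/obj"},
}

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG) + scan_config_overlay(SAMPLE_OVERLAY):
        print(*finding, sep=" | ")
```

The shards check is an allow-list, not a deny-list, because the SSRF reaches any URL the node can resolve; a list of known-bad destinations would miss cloud metadata endpoints, internal admin panels and anything else the attacker enumerates. The overlay scan matches on strings rather than on a fixed JSON layout so it still fires if the listener or JMX property is written under a key the example did not anticipate.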