Vulnerabilities > Apache > Solr > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-15 | CVE-2023-50290 | Unspecified vulnerability in Apache Solr: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. | 6.5 |
2021-02-26 | CVE-2020-27223 | Resource Exhaustion vulnerability in multiple products: In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. | 5.3 |
2020-04-01 | CVE-2018-11802 | Incorrect Authorization vulnerability in Apache Solr: In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. | 4.3 |
2018-07-05 | CVE-2018-8026 | XXE vulnerability in multiple products: This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). | 5.5 |
2018-05-21 | CVE-2018-8010 | XXE vulnerability in Apache Solr: This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). | 5.5 |
2016-02-15 | CVE-2015-8797 | Cross-site Scripting vulnerability in Apache Solr: Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI. | 6.1 |
2016-02-15 | CVE-2015-8796 | Cross-site Scripting vulnerability in Apache Solr: Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL. | 6.1 |
2016-02-15 | CVE-2015-8795 | Cross-site Scripting vulnerability in Apache Solr: Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js. | 6.1 |