IBM030970F89D6C26A90B1C0AC41EAF5743E2257B7CFA7E7C17A0B25DAAA25EF9B4Security Bulletin: A vulnerability in Apache Solr (lucene) affects IBM InfoSphere Information Server
EPSS
Percentile
84.5%
Summary
A vulnerability in Apache Solr (lucene) was addressed by IBM InfoSphere Information Server.
Vulnerability Details
CVEID: CVE-2018-8026 DESCRIPTION: Apache Solr could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE) declarations by the Solr config files. By persuading a victim to open specially-crafted XML content, a remote attacker could exploit this vulnerability to read arbitrary files.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/145827> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
The following products, running on all supported platforms, are affected:
IBM InfoSphere Information Server: version 11.7
IBM InfoSphere Information Server on Cloud: version 11.7
Remediation/Fixes
Product
|
VRMF
|
APAR
|
Remediation/First Fix
—|—|—|—
InfoSphere Information Server,
Information Server on Cloud
|
11.7
|
|
--Apply IBM InfoSphere Information Server version 11.7.0.2
Workarounds and Mitigations
None
Related
EPSS
Percentile
84.5%