A vulnerability in Apache Solr (lucene) was addressed by IBM InfoSphere Information Server.
CVEID: CVE-2018-8026 DESCRIPTION: Apache Solr could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE) declarations by the Solr config files. By persuading a victim to open specially-crafted XML content, a remote attacker could exploit this vulnerability to read arbitrary files.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/145827> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
The following products, running on all supported platforms, are affected:
IBM InfoSphere Information Server: version 11.7
IBM InfoSphere Information Server on Cloud: version 11.7
Product
|
VRMF
|
APAR
|
Remediation/First Fix
—|—|—|—
InfoSphere Information Server,
Information Server on Cloud
|
11.7
|
|
--Apply IBM InfoSphere Information Server version 11.7.0.2
None