Lucene search

K
ibmIBM2E5ED8EE9FFE02307D1FDB3E8091F62E0BA23BC3B364FF0B358D04DE31A29D6A
HistoryAug 03, 2021 - 9:07 a.m.

Security Bulletin: Potential vulnerability (SSRF) in Apache Solr affect IBM Operations Analytics - Log Analysis (CVE-2017-3164)

2021-08-0309:07:34
www.ibm.com
10

EPSS

0.127

Percentile

95.5%

Summary

Server Side Request Forgery vulnerability in Apache Solr could allow attacker with access to make Solr perform a HTTP to any reachable URL.

Vulnerability Details

CVEID: CVE-2017-3164
DESCRIPTION: Apache Solr is vulnerable to server-side request forgery, caused by not having corresponding allowlist mechanism in the shards parameter. By using a specially-crafted argument, an attacker could exploit this vulnerability to conduct SSRF attack.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/156956&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
Log Analysis 1.3.1
Log Analysis 1.3.2
Log Analysis 1.3.3
Log Analysis 1.3.3.1
Log Analysis 1.3.4
Log Analysis 1.3.5
Log Analysis 1.3.6

Remediation/Fixes

Principal Product and Version(s) Fix details
IBM Operations Analytics - Log Analysis version 1.3.1, 1.3.2, 1.3.3, 1.3.3.1, 1.3.4, 1.3.5 and 1.3.6 Upgrade existing version to Log Analysis 1.3.6 Fix Pack 1

Workarounds and Mitigations

Ensure your network settings are configured so that only trusted traffic is allowed to ingress/egress your hosts running Solr.

EPSS

0.127

Percentile

95.5%

Related for 2E5ED8EE9FFE02307D1FDB3E8091F62E0BA23BC3B364FF0B358D04DE31A29D6A