Security Bulletin: A vulnerability in Apache Solr (lucene) affects IBM InfoSphere Information Server

Summary

A vulnerability in Apache Solr (lucene) was addressed by IBM InfoSphere Information Server.

Vulnerability Details

CVEID: CVE-2017-3164 DESCRIPTION: Apache Solr is vulnerable to server-side request forgery, caused by not having corresponding allowlist mechanism in the shards parameter. By using a specially-crafted argument, an attacker could exploit this vulnerability to conduct SSRF attack.
CVSS Base Score: 5.3
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/156956&gt;_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

The following products, running on all supported platforms, are affected:
IBM InfoSphere Information Server: versions 11.5, 11.7
IBM InfoSphere Information Server on Cloud: versions 11.5, 11.7

Remediation/Fixes

InfoSphere Information Server, Information Server on Cloud | 11.7 | JR61261
JR61282 | --Apply InfoSphere Information Server version 11.7.1.0
--Apply InfoSphere Information Server 11.7.1.0 Service Pack 2

—|—|—|—
InfoSphere Information Analyzer, InfoSphere Data Quality Exception Console, Information Server on Cloud | 11.5 | JR61261
JR61282 | --Upgrade to a fixed release

Workarounds and Mitigations

None