Security Bulletin: IBM Operations Analytics - Log Analysis is affected by incorrect authorisation and XML external entity (XXE) vulnerabilities due to Apache Solr.
Summary: Apache Solr is used by IBM Operations Analytics - Log Analysis as part of managing Solr collection and arbitrary local file. CVE-2018-11802, CVE-2018-1308. Vulnerability Details: CVEID: CVE-2018-11802 DESCRIPTION: In Apache Solr, the cluster can be partitioned into multiple collections and...
EUVD-2018-0489
Malware in sbrugna...
USN-7283-1: Apache Solr vulnerability
It was discovered that the Apache Solr DataImportHandler module incorrectly handled certain request parameters in a default configuration. A remote attacker could possibly use this issue to execute arbitrary code...
USN-7283-1 lucene-solr vulnerability
It was discovered that the Apache Solr DataImportHandler module incorrectly handled certain request parameters in a default configuration. A remote attacker could possibly use this issue to execute arbitrary code...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Apache Solr vulnerability (USN-7283-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7283-1 advisory. It was discovered that the Apache Solr DataImportHandler module incorrectly handled certain request parameters in a default configuration....
BIT-SOLR-2021-44548 Apache Solr information disclosure vulnerability through DataImportHandler
An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB...
Apache Solr < 8.11.1 Information Disclosure
The version of Apache Solr running on the remote host is prior to 8.11.1. It is, therefore, affected by an information disclosure vulnerability due to improper input validation in DataImportHandler. The vulnerability allows an attacker to provide a Windows UNC path resulting in an SMB network cal...
GHSA-PCCR-Q7V9-5F27 Apache Solr Improper Input Validation and Path Traversal
An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB...
Remote Code Execution (RCE)
Apache Solr is vulnerable to remote code execution. The vulnerability exists due to lack of secure input validation in DataImportHandler resulting in the SMB attack and exfiltration of sensitive data...
CVE-2021-44548
An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB...
Input validation
An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB...
CVE-2021-44548 Apache Solr information disclosure vulnerability through DataImportHandler
An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB...
CVE-2021-44548
The CVE-2021-44548 entry describes an information-disclosure vulnerability in Apache Solr’s DataImportHandler that allows a Windows UNC path to trigger SMB network calls from the Solr host. Affected: Solr versions prior to 8.11.1 on Windows. Impact (as stated): potential exfiltration of sensitive...
Apache Solr DataImportHandler Code Injection Vulnerability
The optional Apache Solr module DataImportHandler contains a code injection vulnerability...
Debian DLA-2327-1 : lucene-solr security update
A security vulnerability was discovered in lucene-solr, an enterprise search server. The DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's 'dataConfig' parameter. The deb...
[SECURITY] [DLA 2327-1] lucene-solr security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-2327-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany August 15, 2020 https://wiki.debian.org/LTS -...
Apache Solr < 8.2.0 Remote Code Execution
The DataImportHandler, a popular and widely used module which is used to pull data from databases or other sources, has a vulnerability in its dataConfig parameter. This parameter is used for configuration of DIH config; since this config can contain scripts, this parameter poses an RCE security risk...
CVE-2019-0193
A flaw was found in Apache Solr’s DataImportHandler (DIH). A DIH configuration containing scripts coming from a request's dataConfig parameter allows an attacker to perform remote code execution. Mitigation: Edit solrconfig.xml to configure all DataImportHandler usages with an "invariants" section...