9 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-22444
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The create core API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of a...
Linux Distros Unpatched Vulnerability : CVE-2026-22022
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's Rule Based Authorization Plugin are vulnerable to allowing unauthorized access to certain So...
Files or Directories Accessible to External Parties
Overview: org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene. Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties in the AllowPathBuilder behavior accessible via the create core API. An attacker can read...
Missing Authorization
Overview: org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene. Affected versions of this package are vulnerable to Missing Authorization in the Rule Based Authorization Plugin, by which the getPermissionName function can be forced to return null. An attacke...
UBUNTU-CVE-2026-22022
Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...
CVE-2026-22022
Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...
CVE-2026-22444 Apache Solr: Insufficient file-access checking in standalone core-creation requests
The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting...
GHSA-RC9V-H28F-JCMF There is an XML external entity expansion (XXE) vulnerability in Apache Solr config files
This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, XInclude functionality provided in these config files is also affected in a similar way. The vulnerability...
PT-2013-1143 · Apache · Apache Solr
Name of the Vulnerable Software and Affected Versions: Apache Solr versions prior to 4.3.1. Description: The issue is related to the DocumentAnalysisRequestHandler in Apache Solr, which does not properly use the EmptyEntityResolver. This allows remote attackers to have an unspecified impact via XM...