SAP Knowledge Base Article - Preview

3446617 - Security vulnerabilities in Solr 8.11.2 and 9.2

Symptom

A number of vulnerabilities have been found in the currently supported versions of Solr:

CVE ID          | Published  | Description
CVE-2023-50291  | 2024-02-08 | Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies
CVE-2023-50292  | 2024-02-08 | Apache Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users
CVE-2023-50298  | 2024-02-08 | Apache Solr can expose ZooKeeper credentials via Streaming Expressions
CVE-2023-50386  | 2024-02-08 | Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets

More details can be found here: https://solr.apache.org/security.html

Environment

These vulnerabilities apply to any version of Commerce or Commerce Cloud running Solr 8.11.2 or 9.2.

Product

SAP Commerce 2205 ; SAP Commerce Cloud 2205 ; SAP Commerce Cloud 2211

Keywords

solr, upgrade, vulnerabilities, KBA, CEC-SCC-COM-SRC-SER, Search and Navigation, Problem
