Advisory 2021-04 Security Issues in Apache Solr
Potential Threat of RCE in FileCloud
Security Advisory Date | April 5, 2021 |
Vulnerability Type | Remote Code Execution |
Severity factors | Non-trusted clients and other agents must be able to pass through your network security. |
Versions affected | All versions of FileCloud prior to 20.3.3.13230, on-premises installations only. |
Version fixed | FileCloud Version 20.3.3.13230 |
Description
Apache Solr versions included in FileCloud on-premises installations contained security vulnerabilities of high severity. These flaws potentially allowed attackers to run code to prevent services or access secure information. The latest version of FileCloud includes the updated version of Apache Solr, 8.8.1, which fixes these vulnerabilities.
See the descriptions of the following CVEs at https://solr.apache.org/security.html for information about the specific Apache Solr issues causing these threats:
- CVE-2019-12409
- CVE-2019-17558
- CVE-2020-13957
Fix
This has been fixed in FileCloud version 20.3.3.13230, which includes the updated version of Apache Solr.
What you should do
- If you are using a FileCloud on-premises installation, please update it to the latest version, which is 20.3.3.13230 or greater.
- If you are using FileCloud online, you are not affected.
If you have any questions about this advisory, please contact FileCloud support.