Description
The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983), without any authentication. If this port is opened for inbound traffic in your firewall, then anyone with network access to your Solr nodes will be able to access JMX, which may in turn allow them to upload malicious code for execution on the Solr server.
Remediation
References
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12409-RCE%20Vulnerability%20Due%20to%20Bad%20Defalut%20Config-Apache%20Solr
https://lists.apache.org/thread.html/47e112035b4aa67ece3b75dbcd1b9c9212895b9dfe2a71f6f7c174e2%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/6640c7e370fce2b74e466a605a46244ccc40666ad9e3064a4e04a85d%40%3Csolr-user.lucene.apache.org%3E
https://lists.apache.org/thread.html/925cdb49ceae78baddb45da7beb9b4d2b1ddc4a8e318c65e91fb4e87%40%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/a044eae4f6f5b0160ece5bf9cc4c0dad90ce7dd9bb210a9dc50b54be%40%3Cgeneral.lucene.apache.org%3E
https://lists.apache.org/thread.html/ce7c0b456b15f6c7518adefa54ec948fed6de8e951a2584500c1e541%40%3Cissues.lucene.apache.org%3E
https://support.f5.com/csp/article/K23720587?utm_source=f5support&%3Butm_medium=RSS
Related Vulnerabilities
CVE-2018-16487 Vulnerability in maven package org.webjars.npm:lodash.merge
CVE-2023-26158 Vulnerability in npm package mockjs
CVE-2023-34981 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2023-26158 Vulnerability in maven package org.webjars.npm:mockjs
CVE-2020-7793 Vulnerability in maven package org.webjars.npm:ua-parser-js