Description

Due to vulnerabilities in Log4j library used by Apache Solr, an unauthenticated attacker can leak sensitive information or execute arbitrary code on the system.

Remediation

Upgrade to the latest version of Apache Solr

References

Apache projects affected by log4j CVE-2021-44228

Related Vulnerabilities

imgproxy SSRF (CVE-2023-30019)

WordPress Plugin WP Hide & Security Enhancer Arbitrary File Download (1.3.9.2)

WordPress Plugin WordPress renaming tool by Vlajo Arbitrary File Download (1.0)

Multiple vulnerabilities in Ioncube loader-wizard.php

WordPress Plugin Easy Digital Downloads-Simple eCommerce for Selling Digital Files Information Disclosure (2.7.6)

Severity

High

Classification

CVE-2021-44228 CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A

Tags

Acumonitor Information Disclosure Code Execution