TR-21-0340 (Apache Solr Güvenlik Zafiyeti)

Genel Bilgi

Apache Solr Uzaktan Kod Çalıştırma zafiyeti tespit edilmiştir.

Etki

Mevcut zafiyetin siber saldırganlar tarafından istismarı sonucunda sistemin kontrolünü ele alabilir. Zafiyete ilişkin CVE kodu şu şekildedir:

CVE-2019-12415, CVE-2019-0201, CVE-2019-0228, CVE-2019-12402, CVE-2019-17558, CVE-2021-20454, CVE-2015-5237, CVE-2014-3643 ve CVE-2021-20501 .

Çözüm

Ulusal Siber Olaylara Müdahale Merkezi (USOM), kullanıcı ve sistem yöneticilerine zafiyetin giderilmesi için yayınlanan güncellemeleri indirmelerini tavsiye etmektedir.

Kaynaklar

https://www.ibm.com/support/pages/node/6444763

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-eclipse-jetty-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/

https://www.ibm.com/support/pages/node/6445357

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-solr-affects-ibm-operations-analytics-log-analysis-cve-2019-17558/Security

https://www.ibm.com/support/pages/node/6445363

https://www.ibm.com/blogs/psirt/security-bulletin-protobuf-vulnerability-in-apache-solr-affect-ibm-operations-analytics-log-analysis-analysis-cve-2015-5237/Security

https://www.ibm.com/support/pages/node/6445359

https://www.ibm.com/blogs/psirt/security-bulletin-apache-solr-shipped-with-ibm-operations-analytics-log-analysis-susceptible-to-vulnerability-in-apache-poi-cve-2019-12415/

2021-04-21