Advisory 2021-05/3 Security Issues in Apache Solr 8.8.1
Potential Threat of Unauthorized Access in FileCloud
| Security Advisory Date | May 18, 2021 |
| Vulnerability Type | Potential unauthorized access |
| Versions affected | FileCloud Version 20.3.3 |
| Version fixed | FileCloud Version 21.1.0.15081 |
Description
The Apache Solr version included in FileCloud on-premises installations contained security vulnerabilities of high severity. These flaws potentially allowed attackers to gain unauthorized access to secure information or to perform malicious actions.
See the descriptions of the following CVEs at https://solr.apache.org/security.html for information about the specific Apache Solr issues causing these threats:
- CVE-2021-27905
- CVE-2021-29262
- CVE-2021-29943
Fix
This has been fixed in FileCloud version 21.1.0.15081, which includes the updated version of Apache Solr, 8.8.2.
What you should do
- If you are using a FileCloud on-premises installation, please update it to the latest version, which is 21.1.0.15081 or greater.
- If you are using FileCloud online, you are not affected.
If you have any questions about this advisory, please contact FileCloud support.