Goal
I have one or more CVEs (Common Vulnerabilities and Exposures) for Fusion that I would like to have analyzed by Lucidworks. I would like to understand the risk the CVEs may pose and whether any mitigation steps are needed.
Environment
Fusion 4.x - 5.x
Guide
Note: It is Lucidworks policy that we do not currently analyze medium- and low-severity CVEs as classified by the US National Vulnerability Database (NVD) using CVSS version 3.x and higher.
The process is dependent on the version of Fusion:
Fusion 5
With each release of Fusion 5.x, Lucidworks scans the product internally, produces a report, and documents any mitigation needed. As time goes by, however, there may be additional vulnerabilities found. There are many security tools that can generate vulnerability reports and our clients may be running their own tools for this purpose. If starting from such a report, follow the process below:
1. Open Support Request: Submit a ticket using the Support Request form via the Support Portal, requesting Lucidworks' security report for your specific version of Fusion 5.
2. Obtain Reference Report: Support will provide the reference report for your version of Fusion 5 through the support ticket.
3. Compare Reports: Use the reference report to compare with your own and identify any critical or high CVEs not addressed in the reference report.
4. Submit Eligible CVEs: Any critical or high CVEs not covered in the reference report are eligible for further analysis by the Lucidworks security team. Use the attached template to submit these CVEs for analysis and upload it to your support ticket.
5. Receive Analysis and Mitigation Steps: Support will consult internally with the Lucidworks security team and relay the analysis and any recommended mitigation steps for each CVE through the support ticket.
Note: The Lucidworks security team will only engage in step 5 once all required information for each eligible CVE is provided in the template format.
Fusion 4
Lucidworks does not investigate security vulnerabilities in Fusion 4.x versions that are no longer under mainstream support. All Fusion 4.x versions prior to the latest Service Pack have reached end of mainstream support, as documented here.
To proceed with any vulnerability-related concerns, please upgrade to the latest supported version and apply the most recent Service Pack:
After upgrading and applying the Service Pack, if the vulnerability still appears in your scan, please open a ticket and provide the required details using the attached template.
Lucidworks will assess those concerns and provide remediation steps once you are on a supported release.