Goal
I have one or more CVEs (Common Vulnerabilities and Exposures) for Fusion that I would like to have analyzed by Lucidworks. I would like to understand the risk the CVEs may pose and whether any mitigation steps are needed.
Environment
Fusion 4.x - 5.x
Guide
Note: It is Lucidworks policy that we do not currently analyze medium- and low-severity CVEs as classified by the US National Vulnerability Database (NVD) using CVSS version 3.x and higher.
The process depends on the version of Fusion:
Fusion 5
With each release of Fusion 5.x, Lucidworks scans the product internally, produces a report, and documents any mitigation needed. As time goes by, however, there may be additional vulnerabilities found. There are many security tools that can generate vulnerability reports and our clients may be running their own tools for this purpose. If starting from such a report, follow the process below:
1. Open Support Request: Submit a ticket using the Support Request form via the Support Portal, requesting Lucidworks' security report for your specific version of Fusion 5.
2. Obtain Reference Report: Support will provide the reference report for your version of Fusion 5 through the support ticket.
3. Compare Reports: Compare the reference report with your own and identify any critical or high CVEs not addressed in the reference report.
4. Submit Eligible CVEs: Any critical or high CVEs not covered in the reference report are eligible for further analysis by the Lucidworks security team. Use the attached template to submit these CVEs for analysis and upload it to your support ticket.
5. Receive Analysis and Mitigation Steps: Support will consult internally with the Lucidworks security team and relay the analysis and any recommended mitigation steps for each CVE through the support ticket.
Note: The Lucidworks security team will only engage in step 5 once all required information for each eligible CVE is provided in the template format.
Fusion 4
For Fusion 4, any critical or high CVEs are eligible for analysis by Lucidworks' security team. Use the attached template to submit these CVEs and upload it to your support ticket. Support will then provide the analysis and any recommended mitigation steps after consulting internally with the Lucidworks security team.