Goal
I have one or more CVEs (Common Vulnerabilities and Exposures) for Solr that I would like to have analyzed by Lucidworks. I would like to understand the risk the CVEs may pose and if there are any mitigations steps needed.
Note: This document is only applicable to clients using standalone Solr, not for Fusion security concerns rooted in Solr. For Fusion security concerns rooted in Solr, follow the Ask security CVE questions for Fusion guide.
Environment
Solr (any version)
Guide
Note: It is Lucidworks policy that we do not currently analyze medium and low severity CVEs as classified by the US National Vulnerability Database (NVD) using CVSS version 3.x and higher.
Prior to submitting a support request, the following guidelines musts be followed:
- Verify the CVE severity is High or Critical as reported by the US National Vulnerability Database (for example, CVE-2021-44228).
- Verify if the CVE has already been addressed in a patch, new version, or workaround here.
- Verify if the CVE has already been rejected here.
- Confirm the CVE is relevant to a component of Solr.
If the scanned CVEs meet the above criteria and have not been addressed or rejected, please submit a ticket using the Support Request form via the Support Portal with the following details:
- The applicable Solr file path for which the CVE is applicable (as specified in the security scan).
- Business impact of the CVE.