CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: May 3, 2022
Description
The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution.
CVSS Score
7.5/ 10
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HEPSS — Exploit Probability
94.5%
Higher than 100.0% of all CVEs
Weakness Classification (CWE)
Known Exploits
POChttp://packetstormsecurity.com/files/157078/Apache-Solr-8.3.0-Velocity-Template-Remote-Code-Execution.htmlExploithttps://issues.apache.org/jira/browse/SOLR-13971Exploithttps://lists.apache.org/thread.html/r5074d814d3a8c75df4b20e66bfd268ee0a73ddea7e85070cec3ae78d%40%3Cissues.lucene.apache.org%3EExploithttps://lists.apache.org/thread.html/rf6d7ffae2b940114324e036b6394beadf27696d051ae0c4a5edf07af%40%3Cissues.lucene.apache.org%3EExploithttps://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisoryhttp://packetstormsecurity.com/files/157078/Apache-Solr-8.3.0-Velocity-Template-Remote-Code-Execution.htmlExploithttps://issues.apache.org/jira/browse/SOLR-13971Exploithttps://lists.apache.org/thread.html/r5074d814d3a8c75df4b20e66bfd268ee0a73ddea7e85070cec3ae78d%40%3Cissues.lucene.apache.org%3EExploithttps://lists.apache.org/thread.html/rf6d7ffae2b940114324e036b6394beadf27696d051ae0c4a5edf07af%40%3Cissues.lucene.apache.org%3EExploithttps://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
Required Action
https://nvd.nist.gov/vuln/detail/CVE-2019-17558
Risk Assessment
CRITICALIn CISA KEV
Known exploit
High EPSS
Details
- Severity
- High
- CVSS
- 7.5
- EPSS
- 94.5%
- CWE
- CWE-74
- Exploit
- POC
- CISA KEV
- Yes
- Ransomware
- Unknown
- Articles
- 0
Timeline
Published
Nov 3, 2021
Added to KEV
Nov 3, 2021
Remediation Due
May 3, 2022