Security Bulletin
Summary
A potential security vulnerability has been identified for systems that are set up to use basic authentication. The version of Solr that is included with both IBM i2 Enterprise Insight Analysis and IBM i2 Analyze is affected, and has been patched in the latest fix pack.
Vulnerability Details
Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in the cluster to believe that the malicious node is a member of the cluster.
If you have enabled the BasicAuth authentication mechanism using the BasicAuthPlugin, or implemented a custom Authentication plugin that does not implement either "HttpClientInterceptorPlugin" or "HttpClientBuilderPlugin", your servers are vulnerable to this attack. If you use SSL without basic authentication, or you use Kerberos, you will be unaffected.
Affected Products and Versions
Solr 5.3 to 5.5.4; Solr 6.0 to 6.5.1
Remediation/Fixes
To resolve this issue, upgrade to the latest fix pack for your deployment:
Get Notified about Future Security Bulletins
References
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Was this topic helpful?
Document Information
Modified date:
29 September 2018
UID
swg22006809