VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-q68r-cga4-aaag

Essentials
Severities (99)
References (18)
Severity details (18)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-q68r-cga4-aaag
Aliases	CVE-2018-8026 GHSA-7px3-6f6g-hxcj
Summary	Moderate severity vulnerability that affects org.apache.solr:solr-core
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-611	Improper Restriction of XML External Entity Reference
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	6.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8026.json
epss	0.00836	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.00836	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.00836	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.00836	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.01103	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.01103	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.01103	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.01103	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.01103	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.01103	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.01103	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.01103	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.01103	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.01103	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.01103	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.06266	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.06266	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.06266	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.06266	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.06266	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.06266	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.06266	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.06266	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.06266	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.06266	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.06266	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.06266	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.06943	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08563	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08712	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08712	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08712	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08712	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08712	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08712	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08712	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08712	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08712	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08712	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08712	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08712	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08712	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08712	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08712	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08712	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08712	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08712	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
epss	0.08712	https://api.first.org/data/v1/epss?cve=CVE-2018-8026
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=1598621
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-7px3-6f6g-hxcj
cvssv3.1	5.5	https://github.com/apache/lucene-solr/commit/1880d4824e6c5f98170b9a00aad1d437ee2aa12
generic_textual	MODERATE	https://github.com/apache/lucene-solr/commit/1880d4824e6c5f98170b9a00aad1d437ee2aa12
cvssv3.1	5.5	https://github.com/apache/lucene-solr/commit/3aa6086ed99fa7158d423dc7c33dae6da466b09
generic_textual	MODERATE	https://github.com/apache/lucene-solr/commit/3aa6086ed99fa7158d423dc7c33dae6da466b09
cvssv3.1	5.5	https://github.com/apache/lucene-solr/commit/d1baf6ba593561f39e2da0a71a8440797005b55
generic_textual	MODERATE	https://github.com/apache/lucene-solr/commit/d1baf6ba593561f39e2da0a71a8440797005b55
cvssv3.1	5.5	https://github.com/apache/lucene-solr/commit/e5407c5a9710247e5f728aae36224a245a51f0b
generic_textual	MODERATE	https://github.com/apache/lucene-solr/commit/e5407c5a9710247e5f728aae36224a245a51f0b
cvssv3.1	5.5	https://issues.apache.org/jira/browse/SOLR-12450
generic_textual	MODERATE	https://issues.apache.org/jira/browse/SOLR-12450
cvssv3.1	5.5	https://mail-archives.apache.org/mod_mbox/lucene-solr-user/201807.mbox/%3C0cdc01d413b7%24f97ba580%24ec72f080%24%40apache.org%3E
generic_textual	MODERATE	https://mail-archives.apache.org/mod_mbox/lucene-solr-user/201807.mbox/%3C0cdc01d413b7%24f97ba580%24ec72f080%24%40apache.org%3E
cvssv2	2.1	https://nvd.nist.gov/vuln/detail/CVE-2018-8026
cvssv3	5.5	https://nvd.nist.gov/vuln/detail/CVE-2018-8026
cvssv3.1	5.5	https://security.netapp.com/advisory/ntap-20190307-0002
generic_textual	MODERATE	https://security.netapp.com/advisory/ntap-20190307-0002

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8026.json
		https://api.first.org/data/v1/epss?cve=CVE-2018-8026
		https://github.com/apache/lucene-solr/commit/1880d4824e6c5f98170b9a00aad1d437ee2aa12
		https://github.com/apache/lucene-solr/commit/3aa6086ed99fa7158d423dc7c33dae6da466b09
		https://github.com/apache/lucene-solr/commit/d1baf6ba593561f39e2da0a71a8440797005b55
		https://github.com/apache/lucene-solr/commit/e21d4937e0637c7b7949ac463f331da9a42c07f
		https://github.com/apache/lucene-solr/commit/e5407c5a9710247e5f728aae36224a245a51f0b
		https://issues.apache.org/jira/browse/SOLR-12450
		https://mail-archives.apache.org/mod_mbox/lucene-solr-user/201807.mbox/%3C0cdc01d413b7%24f97ba580%24ec72f080%24%40apache.org%3E
		https://security.netapp.com/advisory/ntap-20190307-0002
		https://security.netapp.com/advisory/ntap-20190307-0002/
		http://www.securityfocus.com/bid/104690
1598621		https://bugzilla.redhat.com/show_bug.cgi?id=1598621
cpe:2.3:a:apache:solr::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr::::::::
cpe:2.3:a:netapp:snapcenter:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapcenter:-:::::::*
cpe:2.3:a:netapp:storage_automation_store:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:::::::*
CVE-2018-8026		https://nvd.nist.gov/vuln/detail/CVE-2018-8026
GHSA-7px3-6f6g-hxcj		https://github.com/advisories/GHSA-7px3-6f6g-hxcj

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8026.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/apache/lucene-solr/commit/1880d4824e6c5f98170b9a00aad1d437ee2aa12

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/apache/lucene-solr/commit/3aa6086ed99fa7158d423dc7c33dae6da466b09

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/apache/lucene-solr/commit/d1baf6ba593561f39e2da0a71a8440797005b55

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/apache/lucene-solr/commit/e5407c5a9710247e5f728aae36224a245a51f0b

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://issues.apache.org/jira/browse/SOLR-12450

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://mail-archives.apache.org/mod_mbox/lucene-solr-user/201807.mbox/%3C0cdc01d413b7%24f97ba580%24ec72f080%24%40apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-8026

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-8026

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://security.netapp.com/advisory/ntap-20190307-0002

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.81830
EPSS Score	0.00836
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.