SOLR which is incorporated in SOI is a very old version, and vulnerable to the XML Entity Attack.
This type of attach allows a user to obtain the SOI admin username and password and access the application with admin privileges.
Why are we still using such an old version of SOLR, what's its used for in SOI, why the SOLR admin page is publically accessible
SOI vulnerability due to old SOLR version
remove "admin" folder from below location to disable access of Admin page.
After implementing this, no vulnerability was found during security scan.
There will be an official solution provided