SOI Vulnerability

Document ID : KB000115856
Last Modified Date : 26/09/2018
Issue:
The version of SOLR incorporated in SOI is very old and is vulnerable to the XML Entity Attack.

This type of attack allows a user to obtain the SOI admin username and password and access the application with admin privileges.

Why are we still using such an old version of SOLR, what is it used for in SOI, and why is the SOLR admin page publicly accessible?
Environment:
SOI 4.2
Cause:
SOI vulnerability due to old SOLR version
Resolution:
Remove the "admin" folder from the location below to disable access to the Admin page.

<SOI_HOME>\SamUI\webapps\solr

After implementing this, no vulnerability was found during security scan.
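
One way to script the step above on the SOI UI server, as an added PowerShell example that is not part of the original article or the vendor's tooling: it copies the "admin" folder to a backup location outside the web root before deleting it, then optionally requests the admin page to confirm it is no longer served. The parameter names, the backup step and the admin URL are assumptions; supply the values for your own installation.

```powershell
# Added example. Parameter names, the backup step and $AdminUrl are assumptions,
# not values from the KB article.
param(
    [Parameter(Mandatory = $true)][string]$SoiHome,    # the <SOI_HOME> install directory
    [Parameter(Mandatory = $true)][string]$BackupDir,  # rollback copy, must be outside webapps
    [string]$AdminUrl                                  # optional: full URL of the Solr admin page
)
$ErrorActionPreference = 'Stop'

$webapps  = [System.IO.Path]::GetFullPath((Join-Path $SoiHome 'SamUI\webapps'))
$solrDir  = Join-Path $webapps 'solr'
$adminDir = Join-Path $solrDir 'admin'
$backup   = [System.IO.Path]::GetFullPath($BackupDir)

if (-not (Test-Path -LiteralPath $solrDir -PathType Container)) {
    throw "Solr webapp directory not found: $solrDir"
}
# A backup kept under webapps could itself be served, so refuse that location.
if (($backup + '\').StartsWith($webapps + '\', [System.StringComparison]::OrdinalIgnoreCase)) {
    throw "BackupDir must be outside $webapps"
}

if (Test-Path -LiteralPath $adminDir -PathType Container) {
    New-Item -ItemType Directory -Path $backup -Force | Out-Null
    $dest = Join-Path $backup ('solr-admin-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
    # Copy then delete (works across volumes, unlike moving a directory).
    Copy-Item -LiteralPath $adminDir -Destination $dest -Recurse
    Remove-Item -LiteralPath $adminDir -Recurse -Force
    Write-Output "Removed $adminDir (backup: $dest)"
} else {
    Write-Output "No admin folder under $solrDir; nothing to remove"
}

if ($AdminUrl) {
    try {
        $resp = Invoke-WebRequest -Uri $AdminUrl -UseBasicParsing -TimeoutSec 15
        Write-Warning "Admin page still answers with HTTP $([int]$resp.StatusCode)"
    } catch {
        $r = $_.Exception.Response
        if ($null -ne $r) {
            # The server replied with an error status, so the page is not being served.
            Write-Output "Admin page returns HTTP $([int]$r.StatusCode)"
        } else {
            Write-Warning "No HTTP response received; check is inconclusive: $($_.Exception.Message)"
        }
    }
}
```

Run it from an elevated session on the server that hosts `<SOI_HOME>`, then repeat the security scan.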
Additional Information:
An official solution will be provided.