XWiki Arbitrary Remote Code Execution Vulnerability

Source: SANS Internet Storm Center

XWiki, known as ‘The Advanced Open-Source Enterprise Wiki’, has positioned itself as an alternative to platforms like Confluence and MediaWiki. In February, the organization disclosed an advisory regarding a serious vulnerability that enables arbitrary remote code execution in its SolrSearch component. This component can be accessed by any user, even those with minimal ‘Guest’ privileges, creating significant security exposure. The advisory not only highlighted the vulnerability but also provided proof-of-concept (PoC) code, raising concerns about the length of time it took for widespread exploitation to occur. Security experts suggest that this delay might indicate either a lack of awareness of the vulnerability or a slower adoption of patching across impacted environments. Organizations using XWiki are advised to implement the patch provided in the advisory promptly to mitigate potential risks.

👉 Read the original: SANS Internet Storm Center