API Security Blog

Security Bulletin: Vulnerability in Apache Solr affects IBM watsonx.data

Summary

Apache Solr could allow a remote attacker to bypass security restrictions because of improper access control in the Configsets API. The checks intended to block features considered dangerous can be circumvented by using a combination of UPLOAD/CREATE actions. This vulnerability can be exploited when someone updates a configset and launches an attack on IBM watsonx.data.

Vulnerability Details

CVEID: CVE-2020-13957
DESCRIPTION: Apache Solr could allow a remote attacker to bypass security restrictions, caused by improper access control by the Configsets API. By using a combination of UPLOAD/CREATE actions, an attacker could exploit this vulnerability to bypass the checking mechanism for features considered as dangerous.
CVSS Base score: 9.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/189644 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM watsonx.data | 1.0.0 – 2.0.0 |

Remediation/Fixes

The product needs to be installed or upgraded to the latest available level: watsonx.data 2.0.3 or watsonx.data on CPD 5.0.3. Installation/upgrade instructions can be found here: https://www.ibm.com/docs/en/watsonx/watsonxdata/2.0.x?topic=deployment-installing

Workarounds and Mitigations…
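For detection, the UPLOAD/CREATE combination described above can be hunted for in web access logs. The following is an added example, not code from IBM or Apache: it assumes NCSA-format access logs in front of Solr, the standard `/solr/admin/configs` Configsets endpoint, and a 10-minute correlation window; the log lines are constructed.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in NCSA access-log format (not from a real system).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Aug/2024:10:01:02 +0000] "POST /solr/admin/configs?action=UPLOAD&name=cfgA HTTP/1.1" 200 51
192.0.2.10 - - [12/Aug/2024:10:01:09 +0000] "GET /solr/admin/configs?action=CREATE&name=cfgB HTTP/1.1" 200 48
198.51.100.7 - - [12/Aug/2024:10:02:00 +0000] "GET /solr/admin/configs?action=LIST HTTP/1.1" 200 90
198.51.100.7 - - [12/Aug/2024:10:03:00 +0000] "GET /solr/admin/configs?action=create&name=cfgC HTTP/1.1" 200 48
203.0.113.5 - - [12/Aug/2024:11:00:00 +0000] "POST /solr/admin/configs?action=UPLOAD&name=cfgD HTTP/1.1" 200 51
203.0.113.5 - - [12/Aug/2024:13:00:00 +0000] "GET /solr/admin/configs?action=CREATE&name=cfgE HTTP/1.1" 200 48
"""
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
WINDOW = timedelta(minutes=10)  # assumed correlation window; tune per environment


def configset_calls(log_text):
    """Yield (client, time, action, name) for Configsets API requests."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, ts, _method, target, _status = m.groups()
        url = urlsplit(target)
        if not url.path.rstrip("/").endswith("/admin/configs"):
            continue
        q = parse_qs(url.query)
        action = q.get("action", [""])[0].upper()  # normalise case for matching
        name = q.get("name", [""])[0]
        yield client, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), action, name


def find_upload_then_create(log_text, window=WINDOW):
    """Return (client, uploaded, created) where UPLOAD precedes CREATE in window."""
    last_upload = {}  # client -> (time, configset name) of most recent UPLOAD
    alerts = []
    for client, when, action, name in configset_calls(log_text):
        if action == "UPLOAD":
            last_upload[client] = (when, name)
        elif action == "CREATE" and client in last_upload:
            up_time, up_name = last_upload[client]
            if when - up_time <= window:
                alerts.append((client, up_name, name))
    return alerts

if __name__ == "__main__":
    for client, uploaded, created in find_upload_then_create(SAMPLE_LOG):
        print(f"ALERT {client}: UPLOAD {uploaded!r} then CREATE {created!r}")
```

Any hit on an instance in the affected version range is worth triage, since legitimate configset changes are usually infrequent and made by known administrators.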
