Note: The default configuration file solr.in.sh Apache Solr 8.1.1 and 8.2.0 versions of Solr accompanying contain unsafe settings ENABLE_REMOTE_JMX_OPTS configuration options.
If you use the default file solr.in.sh affected version, it will enable JMX monitoring and disclosure of which will RMI_PORT (default = 18983), without any authentication. Anyone who opens this port in the firewall for inbound traffic, the network has access to your Solr nodes will be able to access JMX, which in turn may allow them to upload malicious code to be executed on Solr server.
The vulnerability has been disclosed [1], was mitigation measures in project mailing lists and news pages [3] announced on August 14, it was not mentioned RCE.
Mitigation measures:
Ensuring effective on each node solr.in.sh Solr file ENABLE_REMOTE_JMX_OPTS are set to "false", and then restart Solr. Please note that a valid solr.in.sh file may be located in / etc / defaults / or other location, depending on the installation. Then, you can verify com.sun.management.jmxremote * family property is not listed or is not configured in a safe manner in the "Java Properties" section Solr Admin UI's.