Impact of Apache Solr related vulnerabilities on Carbon Black EDR

Article ID: 437327

Products

Carbon Black EDR

Issue/Introduction

You want to know the impact of the following CVEs related to Apache Solr on Carbon Black EDR (CB EDR):

CVE-2024-45217
This issue affects Apache Solr from 6.6.0 before 8.11.4, from 9.0.0 before 9.7.0. This issue does not affect Solr instances that are secured via Authentication/Authorization.
Users are primarily recommended to use Authentication and Authorization when running Solr. Otherwise, upgrading to version 9.7.0 or 8.11.4 will mitigate this issue.

CVE-2025-66516/CVE-2025-54988
The Apache Tika component is vulnerable from version 1.13 to 3.2.2.

CVE-2026-22444
Users can mitigate this by enabling Solr's RuleBasedAuthorizationPlugin (if it is disabled) and configuring a permission list that prevents untrusted users from creating new Solr cores.
Users should also upgrade to Apache Solr 9.10.1 or later, which contains fixes for this issue.
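The mitigation above is expressed in Solr's security.json. As an added example (not Carbon Black's or Apache Solr's own code), the script below embeds two constructed security.json documents, one without an authorization plugin and one with RuleBasedAuthorizationPlugin binding the predefined core-admin-edit, core-admin-read and catch-all "all" permissions to an "admin" role, and audits each for the conditions the mitigation depends on. The credential hash and salt are placeholders, and the audit checks are the author's own selection, not an official Solr checklist.

```python
"""Audit a Solr security.json for the CVE-2026-22444 mitigation:
RuleBasedAuthorizationPlugin enabled and core creation bound to a trusted role.
Added example; the two sample documents below are constructed, not real deployments."""
import json

# Constructed sample: no authorization section and blockUnknown off, so a
# caller that never authenticates can still reach the CoreAdmin API.
WEAK_SECURITY_JSON = json.dumps({
    "authentication": {
        "class": "solr.BasicAuthPlugin",
        "blockUnknown": False,
        "credentials": {"solr": "<base64-sha256-hash> <base64-salt>"},  # placeholder
    }
})

# Constructed sample: RuleBasedAuthorizationPlugin with Solr's predefined
# core-admin permissions (and the catch-all "all") bound to the "admin" role.
HARDENED_SECURITY_JSON = json.dumps({
    "authentication": {
        "class": "solr.BasicAuthPlugin",
        "blockUnknown": True,
        "credentials": {"solr": "<base64-sha256-hash> <base64-salt>"},  # placeholder
    },
    "authorization": {
        "class": "solr.RuleBasedAuthorizationPlugin",
        "permissions": [
            {"name": "core-admin-edit", "role": "admin"},
            {"name": "core-admin-read", "role": "admin"},
            {"name": "all", "role": "admin"},
        ],
        "user-role": {"solr": "admin"},
    },
})


def _roles(perm: dict) -> list[str]:
    """Normalise a permission's 'role' (string, list, or null) to a list.
    In Solr a null role means the permission is granted to every caller."""
    role = perm.get("role")
    if role is None:
        return []
    return [role] if isinstance(role, str) else list(role)


def audit_security_json(text: str) -> list[str]:
    """Return a list of findings; an empty list means every check passed."""
    cfg = json.loads(text)
    findings: list[str] = []

    authn = cfg.get("authentication") or {}
    if not authn.get("class"):
        findings.append("no authentication plugin configured")
    elif authn.get("blockUnknown") is not True:
        # Flag unless explicitly true; the default has varied across Solr versions.
        findings.append("authentication.blockUnknown is not true; unauthenticated requests pass through")

    authz = cfg.get("authorization") or {}
    if not str(authz.get("class", "")).endswith("RuleBasedAuthorizationPlugin"):
        findings.append("authorization.class is not RuleBasedAuthorizationPlugin")
        return findings  # the permission checks below need the plugin

    by_name = {p.get("name"): p for p in authz.get("permissions") or []}

    core_edit = by_name.get("core-admin-edit")
    if core_edit is None:
        findings.append("no 'core-admin-edit' permission; core creation is not restricted")
    elif not _roles(core_edit):
        findings.append("'core-admin-edit' has role null, which grants it to every user")

    # Requests matching no permission are allowed, so a role-bound catch-all matters.
    catch_all = by_name.get("all")
    if catch_all is None or not _roles(catch_all):
        findings.append("no role-bound catch-all 'all' permission; unlisted paths stay open")
    return findings


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_SECURITY_JSON), ("hardened", HARDENED_SECURITY_JSON)):
        print(label, audit_security_json(doc) or ["ok"])
```

Run it against a live deployment by reading security.json from the node's ZooKeeper chroot or local config directory and passing the text to audit_security_json; an empty result means the plugin is enabled and core creation is confined to the roles you named.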

Resolution

CVE-2024-45217: No Impact

  • Solr interactions are only allowed programmatically from the EDR server; the Solr service is not intended to be used directly by users or without Authentication/Authorization.
  • Additionally, Apache Solr is upgraded to 9.9.0 in CB EDR 7.9.1.

CVE-2025-66516/CVE-2025-54988: No Impact

  • CB EDR does not use Solr Cell (the Tika-based document extraction handler).
  • Additionally, CB EDR 7.9.1+ has upgraded Tika libraries to 3.2.3+.

Additional Information

  • CB EDR forks Solr and patches it to keep up with vulnerabilities, as per the Broadcom standard and internal industry-standard scans.
  • It is always recommended to be on the latest available GA version.