Apache Software Foundation Cassandra 3.0.23

CPE Details

Apache Software Foundation Cassandra 3.0.23
apache
cassandra
3.0.23
2021-02-04
14h00 +00:00
2021-02-04
14h00 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:apache:cassandra:3.0.23:*:*:*:*:*:*:*

Informations

Vendor

apache

Product

cassandra

Version

3.0.23

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-44521 2022-02-11 11h20 +00:00 When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.
9.1
Critical
CVE-2020-17516 2021-02-03 15h40 +00:00 Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despite not being in the same rack or dc, and bypass mutual TLS requirement.
7.5
High