Apache Software Foundation Cassandra 1.2.10

CPE Details

Apache Software Foundation Cassandra 1.2.10
apache
cassandra
1.2.10
2015-04-03
15h35 +00:00
2015-04-03
15h49 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:apache:cassandra:1.2.10:*:*:*:*:*:*:*

Informations

Vendor

apache

Product

cassandra

Version

1.2.10

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-13946 2020-09-01 18h49 +00:00 In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely.
5.9
Medium
CVE-2015-0225 2015-04-03 12h00 +00:00 The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.
7.5