Apache Software Foundation Cassandra 3.0.22

CPE Details

Apache Software Foundation Cassandra 3.0.22
apache
cassandra
3.0.22
2020-09-10
11h57 +00:00
2020-09-10
11h57 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:apache:cassandra:3.0.22:*:*:*:*:*:*:*

Informations

Vendor

apache

Product

cassandra

Version

3.0.22

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2021-44521 2022-02-11 11h20 +00:00 When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.
9.1
Critique
CVE-2020-17516 2021-02-03 15h40 +00:00 Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despite not being in the same rack or dc, and bypass mutual TLS requirement.
7.5
Haute