CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-27137 – Apache Cassandra: unrestricted deserialization of JMX authentication credentials
https://notcve.org/view.php?id=CVE-2024-27137
04 Feb 2025 — In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorized operations. This is same vulnerability that CVE-2020-13946 was issued for, but the Java option was changed in JDK10. This issue affects Apache Cassan... • https://lists.apache.org/thread/jsk87d9yv8r204mgqpz1qxtp5wcrpysm • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-24860 – Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions
https://notcve.org/view.php?id=CVE-2025-24860
04 Feb 2025 — Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control language (DCL) statements on affected versions. This issue affects Apache Cassandra: from 4.0.0 through 4.0.15 and from 4.1.0 through 4.1.7 for CassandraNetworkAuthorizer, and from 5.0.0 through 5.0.2 for both Cass... • https://lists.apache.org/thread/yjo5on4tf7s1r9qklc4byrz30b8vkm2d • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-23015 – Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions
https://notcve.org/view.php?id=CVE-2025-23015
04 Feb 2025 — Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches. This issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2. Users are recommended to upgrade to versions 3.0.31, 3.11.... • https://lists.apache.org/thread/jmks4msbgkl65ssg69x728sv1m0hwz3s • CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-30601 – Apache Cassandra: Privilege escalation when enabling FQL/Audit logs
https://notcve.org/view.php?id=CVE-2023-30601
30 May 2023 — Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1. WORKAROUND The vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users. MITIGATION Upgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property allow_nodetool_archive_command as false. Privilege escalation when enab... • https://lists.apache.org/thread/f74p9jdhmmp7vtrqd8lgm8bq3dhxl8vn • CWE-269: Improper Privilege Management •
CVSS: 9.1EPSS: 91%CPEs: 3EXPL: 3CVE-2021-44521 – Remote code execution for scripted UDFs
https://notcve.org/view.php?id=CVE-2021-44521
11 Feb 2022 — When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE. Cuando es eje... • https://github.com/WoodenKlaas/CVE-2021-44521 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-17516
https://notcve.org/view.php?id=CVE-2020-17516
03 Feb 2021 — Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despite not being in the same rack or dc, and bypass mutual TLS requirement. Apache Cassandra versiones 2.1.0 hasta 2.1.22, versiones 2.2.0 hasta 2.2.19, versiones 3.0.0 hasta 3.0.23 y versiones 3.11.0 hasta 3.11.9, cuan... • http://mail-archives.apache.org/mod_mbox/cassandra-user/202102.mbox/%3c6E4340A5-D7BE-4D33-9EC5-3B505A626D8D%40apache.org%3e • CWE-290: Authentication Bypass by Spoofing •
CVSS: 5.9EPSS: 0%CPEs: 10EXPL: 0CVE-2020-13946 – cassandra: allows manipulation of the RMI registry to perform a MITM attack and capture user names and passwords used to access the JMX interface
https://notcve.org/view.php?id=CVE-2020-13946
01 Sep 2020 — In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability tha... • https://lists.apache.org/thread.html/r1fd117082b992e7d43c1286e966c285f98aa362e685695d999ff42f7%40%3Cuser.cassandra.apache.org%3E • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 5.9EPSS: 2%CPEs: 73EXPL: 0CVE-2019-2684 – OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453)
https://notcve.org/view.php?id=CVE-2019-2684
17 Apr 2019 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded a... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8016
https://notcve.org/view.php?id=CVE-2018-8016
28 Jun 2018 — The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in https://issues.apache.org/jira/browse/CASSANDRA-12109. The fix for the regression is implemented in https://issues.apache.org/jira/browse/CASSANDRA-14173. This fix is contained in the 3.11.2 release of Apache Cassandra... • https://lists.apache.org/thread.html/bafb9060bbdf958a1c15ba66c68531116fba4a83858a2796254da066%40%3Cuser.cassandra.apache.org%3E • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 8%CPEs: 5EXPL: 0CVE-2016-4970 – netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl
https://notcve.org/view.php?id=CVE-2016-4970
13 Apr 2017 — handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop). handler/ssl/OpenSslEngine.java en Netty 4.0.x en versiones anteriores a 4.0.37.Final y 4.1.x en versiones anteriores a 4.1.1.Final permite a los atacantes remotos provocar una denegación de servicio (bucle infinito). Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 7.1.0 s... • http://netty.io/news/2016/06/07/4-0-37-Final.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •