5 results (0.015 seconds)

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despite not being in the same rack or dc, and bypass mutual TLS requirement. Apache Cassandra versiones 2.1.0 hasta 2.1.22, versiones 2.2.0 hasta 2.2.19, versiones 3.0.0 hasta 3.0.23 y versiones 3.11.0 hasta 3.11.9, cuando se usa la configuración internode_encryption de "dc" o "rack", permite ambas conexiones de entre nodo cifradas y no cifradas. Un nodo configurado inapropiadamente o un usuario malicioso pueden usar la conexión no cifrada a pesar de no estar en el mismo rack o dc y omitir el requisito mutuo de TLS • http://mail-archives.apache.org/mod_mbox/cassandra-user/202102.mbox/%3c6E4340A5-D7BE-4D33-9EC5-3B505A626D8D%40apache.org%3e https://lists.apache.org/thread.html/r81243a412a37a22211754936a13856af07cc68a93d728c52807486e9%40%3Ccommits.cassandra.apache.org%3E https://lists.apache.org/thread.html/rcb16f36cafa184dd159e94033f87d0fc274c4752d467f3a09f2ceae4%40%3Ccommits.cassandra.apache.org%3E https://lists.apache.org/thread.html/rd84bec24907617bdb72f7ec907cd7437a0fd5a8886eb55aa84dd1eb8%40%3Ccommits.cassandra.apache.org%3E https://security.netapp.com/advisory/ntap-20210521-000 • CWE-290: Authentication Bypass by Spoofing •

CVSS: 5.9EPSS: 0%CPEs: 10EXPL: 0

In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely. En Apache Cassandra, todas las versiones anteriores a 2.1.22, 2.2.18, 3.0.22, 3.11.8 y 4.0-beta2, es posible a un atacante local sin acceso al proceso de Apache Cassandra o archivos de configuración manipular el registro RMI para llevar a cabo un ataque de tipo man-in-the-middle y capturar los nombres de usuario y las contraseñas usadas para acceder a la interfaz JMX. El atacante puede usar estas credenciales para acceder a la interfaz JMX y llevar a cabo operaciones no autorizadas. • https://lists.apache.org/thread.html/r1fd117082b992e7d43c1286e966c285f98aa362e685695d999ff42f7%40%3Cuser.cassandra.apache.org%3E https://lists.apache.org/thread.html/r718e01f61b35409a4f7a3ccbc1cb5136a1558a9f9c2cb8d4ca9be1ce%40%3Cuser.cassandra.apache.org%3E https://lists.apache.org/thread.html/rab8d90d28f944d84e4d7852f355a25c89451ae02c2decc4d355a9cfc%40%3Cuser.cassandra.apache.org%3E https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cuser.cassandra.apache.org%3E https://security.netapp.com/advisory/ntap-20210521-0005 https://access • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 5.9EPSS: 0%CPEs: 73EXPL: 0

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html http://www.openwall.com/lists/oss-security/2020/09/01/4 http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://access.redhat.com/errata/RHBA-2019:0959 https://access.re •

CVSS: 10.0EPSS: 67%CPEs: 81EXPL: 0

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. Vulnerabilidad no especificada en Oracle Java SE 6u113, 7u99 y 8u77; Java SE Embedded 8u77; y JRockit R28.3.9 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores relacionados con JMX. It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. Oracle Java SE and JRockit contains an unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Management Extensions (JMX). • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2016-05 • CWE-284: Improper Access Control •

CVSS: 7.5EPSS: 0%CPEs: 38EXPL: 0

The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. La configuración por defecto en Apache Cassandra 1.2.0 hasta 1.2.19, 2.0.0 hasta 2.0.13, y 2.1.0 hasta 2.1.3 vincula una interfaz JMX/RMI no autenticada a todas las interfaces de la red, lo que permite a atacantes remotos ejecutar código Java arbitrario a través de una solicitud RMI. It was found that Apache Cassandra bound an unauthenticated JMX/RMI interface to all network interfaces. A remote attacker able to access the RMI, an API for the transport and remote execution of serialized Java, could use this flaw to execute arbitrary code as the user running Cassandra. • http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html http://rhn.redhat.com/errata/RHSA-2015-1947.html http://www.mail-archive.com/user%40cassandra.apache.org/msg41819.html http://www.securityfocus.com/archive/1/535154/100/0/threaded http://www.securityfocus.com/bid/73478 http://www.securitytracker.com/id/1034002 https://access.redhat.com/security/cve/CVE-2015-0225 https://bugzilla.redhat.com/show_bug.cgi?id=1208181 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-306: Missing Authentication for Critical Function •