Vulmon
apache cassandra vulnerabilities and exploits
CVE-2018-8016 (CVSSv3 9.8)
The default configuration in Apache Cassandra 3.8 up to and including 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote malicious users to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. T...
Affected products: Apache Cassandra
CVE-2021-44521 (CVSSv3 9.1)
When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for a malicious user to execute arbitrary code on the host. The attacker w...
Affected products: Apache Cassandra
Related: 11 GitHub repositories
CVE-2021-40525 (CVSSv3 9.1)
Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and Cassa...
Affected products: Apache James
CVE-2023-33972 (CVSSv3 8.8)
Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for t...
Affected products: Scylladb Scylladb
CVE-2022-29240 (CVSSv3 8.1)
Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing a CQL frame received from a user, Scylla assumes that the user-provided uncompressed length is correct. If the user provides a fake length that is greater than the real...
Affected products: Scylladb Scylla
CVE-2023-30601 (CVSSv3 7.8)
Privilege escalation when enabling FQL/Audit logs allows a user with JMX access to run arbitrary commands as the user running Apache Cassandra. This issue affects Apache Cassandra: from 4.0.0 up to and including 4.0.9, from 4.1.0 up to and including 4.1.1. WORKAROUND The vulnerabili...
Affected products: Apache Cassandra
CVE-2020-17516 (CVSSv3 7.5)
Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can...
Affected products: Apache Cassandra
CVE-2020-13946 (CVSSv3 5.9)
In Apache Cassandra, all versions before 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user n...
Affected products: Apache Cassandra 4.0.0, Apache Cassandra, Netapp Oncommand Insight
CVE-2019-2684 (CVSSv3 5.9)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network ...
Affected products: Oracle Jdk 11.0.2, Oracle Jdk 12, Oracle Jre 11.0.2, Oracle Jre 12, Oracle Jdk 1.8.0, Oracle Jdk 1.7.0, Oracle Jre 1.8.0, Oracle Jre 1.7.0, Redhat Enterprise Linux Desktop 7.0, Redhat Enterprise Linux Workstation 7.0, Redhat Enterprise Linux Server 7.0, Redhat Enterprise Linux Desktop 6.0, Redhat Enterprise Linux Server 6.0, Redhat Enterprise Linux Workstation 6.0, Redhat Satellite 5.8, Redhat Openshift Container Platform 3.11, Redhat Enterprise Linux 8.0, Redhat Enterprise Linux Eus 8.1, Redhat Enterprise Linux Eus 8.2, Redhat Enterprise Linux Server Tus 8.2, Redhat Enterprise Linux Server Aus 8.2, Redhat Enterprise Linux Server Tus 8.4
Related: 2 GitHub repositories
CVE-2015-0225 (CVSSv3 score: NA)
The default configuration in Apache Cassandra 1.2.0 up to and including 1.2.19, 2.0.0 up to and including 2.0.13, and 2.1.0 up to and including 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote malicious users to execute arbitrary Jav...
Affected products: Apache Cassandra 1.2.1, 1.2.2, 1.2.3, 1.2.5, 1.2.6, 1.2.8, 1.2.9, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.7, 2.0.8, 2.0.11, 2.0.13, 2.1.1, 2.1.2
Related: 1 GitHub repository