Vulnerabilities > Apache > Cassandra > 3.0.23
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-11 | CVE-2021-44521 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Cassandra When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. | 9.1 |
| 2021-02-03 | CVE-2020-17516 | Authentication Bypass by Spoofing vulnerability in Apache Cassandra Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. | 7.5 |