Vulnerabilities > Apache > Cassandra > High

DATE CVE VULNERABILITY TITLE RISK
2023-05-30 CVE-2023-30601 Unspecified vulnerability in Apache Cassandra
Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1. WORKAROUND The vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users. MITIGATION Upgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property allow_nodetool_archive_command as false.
local
low complexity
apache
7.8
2021-02-03 CVE-2020-17516 Authentication Bypass by Spoofing vulnerability in Apache Cassandra
Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections.
network
low complexity
apache CWE-290
7.5
2017-04-13 CVE-2016-4970 Infinite Loop vulnerability in multiple products
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).
network
low complexity
netty redhat apache CWE-835
7.5