92 matches found
Exploit for Incorrect Permission Assignment for Critical Resource in Apache Cassandra
CVE-2021-44521 Automated PoC of CVE-2021-44521 Credits to orig...
Exploit for Incorrect Permission Assignment for Critical Resource in Apache Cassandra
CVE-2021-44521 Automated PoC of CVE-2021-44521 Credits to orig...
Security Bulletin: Datastax Enterprise with IBM is vulnerable to exploiting Apache Cassandra User-Defined Functions for Remote Code Execution
Summary In Datastax Enterprise with IBM, a remote code execution RCE security vulnerability in Apache Cassandra exists and has been assigned to CVE-2021-44521. Vulnerability Details CVEID: CVE-2021-44521 DESCRIPTION: Apache Cassandra could allow a remote authenticated attacker to execute arbitrar...
Apache Cassandra database affected by easily exploitable Remote code execution
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here Apache Cassandra is a database software being used by many companies such as Uber, Facebook, Netflix, Twitter, Instagram, Spotify, Instacart, Reddit, and Accenture. A remote code execution flaw CVE-2021-44521 is reported whi...
High-Severity RCE Bug Found in Popular Apache Cassandra Database
Researchers have shared details about a now-patched, high-severity security bug in the Apache Cassandra open-source NoSQL distributed database that’s easy to exploit and, if left unpatched, could enable attackers to gain remote code execution RCE. The bug, which involves how Cassandra creates...
CVE-2021-44521
A flaw was found in Cassandra that allows users with certain permissions to execute user-defined functions to create scripts and run remote code execution. This flaw allows an attacker to gain unwanted access and also execute actions against Cassandra...
GHSA-8FFC-79XG-29W8 Apache Cassandra vulnerable to Code Injection due to unsafe configuration
When running Apache Cassandra with the following configuration: enableuserdefinedfunctions: true enablescripteduserdefinedfunctions: true enableuserdefinedfunctionsthreads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissio...
Apache Cassandra vulnerable to Code Injection due to unsafe configuration
When running Apache Cassandra with the following configuration: enableuserdefinedfunctions: true enablescripteduserdefinedfunctions: true enableuserdefinedfunctionsthreads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissio...
CVE-2021-44521
When running Apache Cassandra with the following configuration: enableuserdefinedfunctions: true enablescripteduserdefinedfunctions: true enableuserdefinedfunctionsthreads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissio...
CVE-2021-44521
When running Apache Cassandra with the following configuration: enableuserdefinedfunctions: true enablescripteduserdefinedfunctions: true enableuserdefinedfunctionsthreads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissio...
CVE-2021-44521 Remote code execution for scripted UDFs
When running Apache Cassandra with the following configuration: enableuserdefinedfunctions: true enablescripteduserdefinedfunctions: true enableuserdefinedfunctionsthreads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissio...
CVE-2021-44521
CVE-2021-44521 affects Apache Cassandra when enable_user_defined_functions: true, enable_scripted_user_defined_functions: true, and enable_user_defined_functions_threads: false. The documented unsafe configuration can allow an attacker with cluster-level permissions to create user-defined functio...
PT-2022-2317 · Apache · Apache Cassandra
Name of the Vulnerable Software and Affected Versions: Apache Cassandra versions prior to 3.0.26 Apache Cassandra versions prior to 3.11.12 Apache Cassandra versions prior to 4.0.2 Description: The issue is related to the incorrect management of code generation in Apache Cassandra, which can allo...
cassandra3 -- arbitrary code execution
Marcus Eriksson reports: When running Apache Cassandra with the following configuration: enableuserdefinedfunctions: true enablescripteduserdefinedfunctions: true enableuserdefinedfunctionsthreads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need...
CVE-2020-25234
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3, LOGO! Soft Comfort All versions V8.3. The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions UDF in a password protected way. This...
CVE-2020-25234
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3, LOGO! Soft Comfort All versions V8.3. The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions UDF in a password protected way. This...
Information disclosure
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3, LOGO! Soft Comfort All versions V8.3. The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions UDF in a password protected way. This...
CVE-2020-25234
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3, LOGO! Soft Comfort All versions V8.3. The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions UDF in a password protected way. This...
Remote code execution
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions UDFs, written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute calls, but this is insufficient. Anyone with network access can use a...
The vulnerability of the UDF subsystem of the “Red Database” and Firebird database management systems allows attackers to execute arbitrary code.
The vulnerability of the UDF subsystem in the “Red Database” and Firebird database management systems is related to errors during the execution of user-defined functions. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...