CVE-2020-13946

In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and password...

CVE-2024-27137

In Apache Cassandra it is possible for a local attacker without accessto the Apache Cassandra process or configuration files to manipulatethe RMI registry to perform a man-in-the-middle attack and capture usernames and passwords used to access the JMX interface. The attacker canthen use these crede...