CVSS3: 9.1 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS2: 8.5 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C

cassandra-all is vulnerable to remote code execution. When enable_user_defined_functions and enable_scripted_user_defined_functions are set, an attacker can inject and execute malicious code on the host through the scripted UDFs.

www.openwall.com/lists/oss-security/2022/02/11/4
github.com/apache/cassandra/commit/5c9ba06dd31157cd224af2cec75521fefe2c9883
issues.apache.org/jira/browse/CASSANDRA-17352
jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/
lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356
security.netapp.com/advisory/ntap-20220225-0001/