Vulnerability-Lookup

CVE-2021-44521 (GCVE-0-2021-44521)

Vulnerability from cvelistv5 – Published: 2022-02-11 12:20 – Updated: 2024-08-04 04:25

Title

Remote code execution for scripted UDFs

Summary

When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.

Severity ?

No CVSS data available.

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

apache

References

URL

	Vendor	Product	Version
	Apache Software Foundation	Apache Cassandra	Affected: 3.0.0 , < unspecified (custom) Affected: unspecified , < 3.0.26 (custom) Affected: 3.1 , < unspecified (custom) Affected: unspecified , < 3.11.12 (custom) Affected: 4.0.0 , < unspecified (custom) Affected: unspecified , < 4.0.2 (custom)

CVE-2021-44521

Vulnerability from fstec - Published: 11.02.2022

Title

Уязвимость распределённой системы управления базами данных Apache Cassandra, связанная с неверным управлением генерацией кода, позволяющая нарушителю выполнить произвольный код на хосте

Description

Уязвимость распределённой системы управления базами данных Apache Cassandra связана с неверным управлением генерацией кода. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код на хосте

Severity ?


                    
                      AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Vendor

Apache Software Foundation

Software Name

Cassandra

Software Version

от 3.0.0 до 3.0.26 (Cassandra), от 3.11.0 до 3.11.12 (Cassandra), от 4.0.0 до 4.0.2 (Cassandra)

Possible Mitigations

Использование рекомендаций производителя: https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-44521 https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356 https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/

CWE

CWE-94

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Apache Software Foundation",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 3.0.0 \u0434\u043e 3.0.26 (Cassandra), \u043e\u0442 3.11.0 \u0434\u043e 3.11.12 (Cassandra), \u043e\u0442 4.0.0 \u0434\u043e 4.0.2 (Cassandra)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.02.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "13.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "21.04.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-02507",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-44521",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cassandra",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0451\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 Apache Cassandra, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0435\u0439 \u043a\u043e\u0434\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 \u0445\u043e\u0441\u0442\u0435",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u043e\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0435\u0439 \u043a\u043e\u0434\u0430 (\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430) (CWE-94)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0451\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 Apache Cassandra \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0435\u0439 \u043a\u043e\u0434\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 \u0445\u043e\u0441\u0442\u0435",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0417\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u043e\u043c",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2021-44521\nhttps://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356\nhttps://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0423\u0411\u0414",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-94",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,5)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,1)"
}

bit-cassandra-2021-44521

Vulnerability from bitnami_vulndb

Published

2024-03-06 10:50

Modified

2025-05-20 10:02

Summary

Remote code execution for scripted UDFs

Details

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "cassandra",
        "purl": "pkg:bitnami/cassandra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.0.26"
            },
            {
              "introduced": "3.11.0"
            },
            {
              "fixed": "3.11.12"
            },
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "4.0.2"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-44521"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*"
    ],
    "severity": "Critical"
  },
  "details": "When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.",
  "id": "BIT-cassandra-2021-44521",
  "modified": "2025-05-20T10:02:07.006Z",
  "published": "2024-03-06T10:50:58.097Z",
  "references": [
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/02/11/4"
    },
    {
      "type": "WEB",
      "url": "https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220225-0001/"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44521"
    }
  ],
  "schema_version": "1.5.0",
  "summary": "Remote code execution for scripted UDFs"
}

GSD-2021-44521

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-44521

Aliases

CVE-2021-44521

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-44521",
    "description": "When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.",
    "id": "GSD-2021-44521",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-44521.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-44521"
      ],
      "details": "When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.",
      "id": "GSD-2021-44521",
      "modified": "2023-12-13T01:23:20.653988Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2021-44521",
        "STATE": "PUBLIC",
        "TITLE": "Remote code execution for scripted UDFs"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache Cassandra",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003e=",
                          "version_value": "3.0.0"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "3.0.26"
                        },
                        {
                          "version_affected": "\u003e=",
                          "version_value": "3.1"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "3.11.12"
                        },
                        {
                          "version_affected": "\u003e=",
                          "version_value": "4.0.0"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "4.0.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "This issue was discovered by Omer Kaspi of the JFrog Security vulnerability research team."
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": [
        {
          "other": "high"
        }
      ],
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356"
          },
          {
            "name": "[oss-security] 20220211 CVE-2021-44521: Apache Cassandra: Remote code execution for scripted UDFs",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2022/02/11/4"
          },
          {
            "name": "https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/",
            "refsource": "MISC",
            "url": "https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20220225-0001/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20220225-0001/"
          }
        ]
      },
      "source": {
        "defect": [
          "CASSANDRA-17352"
        ],
        "discovery": "UNKNOWN"
      },
      "work_around": [
        {
          "lang": "eng",
          "value": "Set `enable_user_defined_functions_threads: true` (this is default)\nor\n3.0 users should upgrade to 3.0.26\n3.11 users should upgrade to 3.11.12\n4.0 users should upgrade to 4.0.2"
        }
      ]
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[3.0.0,3.0.26),[3.11.0,3.11.12),[4.0.0,4.0.2)",
          "affected_versions": "All versions starting from 3.0.0 before 3.0.26, all versions starting from 3.11.0 before 3.11.12, all versions starting from 4.0.0 before 4.0.2",
          "cvss_v2": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-732",
            "CWE-937"
          ],
          "date": "2022-08-09",
          "description": "When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.",
          "fixed_versions": [
            "3.0.26",
            "3.11.12",
            "4.0.2"
          ],
          "identifier": "CVE-2021-44521",
          "identifiers": [
            "CVE-2021-44521"
          ],
          "not_impacted": "All versions before 3.0.0, all versions starting from 3.0.26 before 3.11.0, all versions starting from 3.11.12 before 4.0.0, all versions starting from 4.0.2",
          "package_slug": "maven/org.apache.cassandra/cassandra-all",
          "pubdate": "2022-02-11",
          "solution": "Upgrade to versions 3.0.26, 3.11.12, 4.0.2 or above.",
          "title": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2021-44521",
            "https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356",
            "http://www.openwall.com/lists/oss-security/2022/02/11/4",
            "https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/"
          ],
          "uuid": "122f74fd-eb9d-4917-8d0b-06893f6b124e"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.0.2",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.11.12",
                "versionStartIncluding": "3.11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.0.26",
                "versionStartIncluding": "3.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2021-44521"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-732"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356"
            },
            {
              "name": "[oss-security] 20220211 CVE-2021-44521: Apache Cassandra: Remote code execution for scripted UDFs",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/02/11/4"
            },
            {
              "name": "https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Mitigation",
                "Third Party Advisory"
              ],
              "url": "https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220225-0001/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20220225-0001/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.5,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 6.0
        }
      },
      "lastModifiedDate": "2022-08-09T00:39Z",
      "publishedDate": "2022-02-11T13:15Z"
    }
  }
}

CERTFR-2023-AVI-0004

Vulnerability from certfr_avis - Published: 2023-01-04 - Updated: 2023-01-04

De multiples vulnérabilités ont été découvertes dans IBM Sterling. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	IBM	Sterling	IBM Sterling Global Mailbox versions 6.0.x antérieures 6.1.2.1
	IBM	Sterling	IBM Sterling Global Mailbox versions 6.1.x antérieures 6.1.2.1

References

Title

Publication Time

FKIE_CVE-2021-44521

Vulnerability from fkie_nvd - Published: 2022-02-11 13:15 - Updated: 2024-11-21 06:31

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Summary

References

URL	Tags
security@apache.org	http://www.openwall.com/lists/oss-security/2022/02/11/4	Mailing List, Third Party Advisory
security@apache.org	https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/	Exploit, Mitigation, Third Party Advisory
security@apache.org	https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356	Issue Tracking, Mailing List, Vendor Advisory
security@apache.org	https://security.netapp.com/advisory/ntap-20220225-0001/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/02/11/4	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/	Exploit, Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356	Issue Tracking, Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220225-0001/	Third Party Advisory

Impacted products

Vendor	Product	Version
apache	cassandra	*
apache	cassandra	*
apache	cassandra	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DC06A32-4458-44A4-B6DD-EA9BFD362D09",
              "versionEndExcluding": "3.0.26",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6C2BFF-2F8A-40B8-85E5-3C6C658C3A97",
              "versionEndExcluding": "3.11.12",
              "versionStartIncluding": "3.11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1FBC157-F7A5-43F5-B416-354C3B28F78A",
              "versionEndExcluding": "4.0.2",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE."
    },
    {
      "lang": "es",
      "value": "Cuando es ejecutado Apache Cassandra con la siguiente configuraci\u00f3n: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false es posible que un atacante ejecute c\u00f3digo arbitrario en el host. El atacante necesitar\u00eda tener suficientes permisos para crear funciones definidas por el usuario en el cluster para poder explotar esto. Tenga en cuenta que esta configuraci\u00f3n est\u00e1 documentada como no segura, y seguir\u00e1 siendo considerada no segura despu\u00e9s de esta CVE"
    }
  ],
  "id": "CVE-2021-44521",
  "lastModified": "2024-11-21T06:31:09.090",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.5,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-02-11T13:15:07.907",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/02/11/4"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220225-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/02/11/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220225-0001/"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2022-14703

Vulnerability from cnvd - Published: 2022-02-23

Title

Apache Cassandra代码注入漏洞

Description

Apache Cassandra是美国阿帕奇（Apache）基金会的一个分布式Nosql数据库。 Apache Cassandra存在代码注入漏洞，该漏洞源于外部输入数据构造代码段的过程中，网络系统或产品未能正确过滤其中的特殊元素。攻击者可利用该漏洞在特定配置下可能在主机上执行任意代码。

Severity

高

Patch Name

Apache Cassandra代码注入漏洞的补丁

Patch Description

Apache Cassandra是美国阿帕奇（Apache）基金会的一个分布式Nosql数据库。 Apache Cassandra存在代码注入漏洞，该漏洞源于外部输入数据构造代码段的过程中，网络系统或产品未能正确过滤其中的特殊元素。攻击者可利用该漏洞在特定配置下可能在主机上执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356

Reference

https://www.cybersecurity-help.cz/vdb/SB2022021112

Impacted products

Name
['Apache Cassandra >=3.0.0，<3.0.26', 'Apache Cassandra >=3.11.0，<3.11.12', 'Apache Cassandra >=4.0.0，<4.0.2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-44521",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-44521"
    }
  },
  "description": "Apache Cassandra\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u5206\u5e03\u5f0fNosql\u6570\u636e\u5e93\u3002\n\nApache Cassandra\u5b58\u5728\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5916\u90e8\u8f93\u5165\u6570\u636e\u6784\u9020\u4ee3\u7801\u6bb5\u7684\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u80fd\u6b63\u786e\u8fc7\u6ee4\u5176\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7279\u5b9a\u914d\u7f6e\u4e0b\u53ef\u80fd\u5728\u4e3b\u673a\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-14703",
  "openTime": "2022-02-23",
  "patchDescription": "Apache Cassandra\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u5206\u5e03\u5f0fNosql\u6570\u636e\u5e93\u3002\r\n\r\nApache Cassandra\u5b58\u5728\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5916\u90e8\u8f93\u5165\u6570\u636e\u6784\u9020\u4ee3\u7801\u6bb5\u7684\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u80fd\u6b63\u786e\u8fc7\u6ee4\u5176\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7279\u5b9a\u914d\u7f6e\u4e0b\u53ef\u80fd\u5728\u4e3b\u673a\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Cassandra\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apache Cassandra \u003e=3.0.0\uff0c\u003c3.0.26",
      "Apache Cassandra \u003e=3.11.0\uff0c\u003c3.11.12",
      "Apache Cassandra \u003e=4.0.0\uff0c\u003c4.0.2"
    ]
  },
  "referenceLink": "https://www.cybersecurity-help.cz/vdb/SB2022021112",
  "serverity": "\u9ad8",
  "submitTime": "2022-02-15",
  "title": "Apache Cassandra\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e"
}

GHSA-8FFC-79XG-29W8

Vulnerability from github – Published: 2022-02-12 00:00 – Updated: 2022-08-11 19:20

Summary

Apache Cassandra vulnerable to Code Injection due to unsafe configuration

Details

Severity ?

9.1 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.cassandra:cassandra-all"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.26"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.cassandra:cassandra-all"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.11.0"
            },
            {
              "fixed": "3.11.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.cassandra:cassandra-all"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "4.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-44521"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-732",
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-02-23T16:10:04Z",
    "nvd_published_at": "2022-02-11T13:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.",
  "id": "GHSA-8ffc-79xg-29w8",
  "modified": "2022-08-11T19:20:55Z",
  "published": "2022-02-12T00:00:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44521"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/cassandra"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/jira/browse/CASSANDRA-17352"
    },
    {
      "type": "WEB",
      "url": "https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220225-0001"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/02/11/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Cassandra vulnerable to Code Injection due to unsafe configuration"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-44521 (GCVE-0-2021-44521)

CVE-2021-44521

bit-cassandra-2021-44521

Vulnerability from bitnami_vulndb

GSD-2021-44521

CERTFR-2023-AVI-0004

Solution

FKIE_CVE-2021-44521

CNVD-2022-14703

GHSA-8FFC-79XG-29W8

Tags

Sightings

Nomenclature