Main Vulnerability Database SB2022021112

SB2022021112 - Remote code execution in Apache Cassandra

Published: February 11, 2022 Updated: November 26, 2022

Security Bulletin ID SB2022021112

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Description

This security bulletin contains information about 1 security vulnerability.

1) Security features bypass (CVE-ID: CVE-2021-44521)

The vulnerability allows a remote user to execute arbitrary code on the system.

The vulnerability exists due to insecure configuration that allows arbitrary code execution if the following settings are applied:

enable_user_defined_functions: true
enable_scripted_user_defined_functions: true
enable_user_defined_functions_threads: false

Note, such configuration is considered insecure and as not default.

Install update from vendor's website.