Apache Cassandra - Remote Code Execution CVE-2021-44521
- CVSSv3 Score
- Vulnerability description
Apache Cassandra is vulnerable to CVE-2021-44521, a Remote Code Execution vulnerability. The root cause is an improper configuration of the Cassandra engine that allows an unauthenticated user to write a function that can execute code on the Cassandra server.
- Risk description
An unauthenticated remote attacker could leverage the Remote Code Execution vulnerability to gain full control of the Cassandra server, where they could steal confidential information, install ransomware, or pivot to the internal network.
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Recommendation
Update the Apache Cassandra server to the latest version.
- Not available
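A defender-side check for the misconfiguration described above, as an added example that is not part of the original page or of Apache Cassandra: it reads `cassandra.yaml` text and flags the combination of settings listed in the Apache advisory for CVE-2021-44521. The `enable_*` key names and defaults are taken from that advisory and Cassandra's stock configuration, not from this page, and the sample files are constructed.

```python
# Added example: audit cassandra.yaml text for the CVE-2021-44521 settings.
# Values Cassandra uses when a key is absent (assumed stock defaults).
DEFAULTS = {
    "enable_user_defined_functions": "false",
    "enable_scripted_user_defined_functions": "false",
    "enable_user_defined_functions_threads": "true",
    "authenticator": "AllowAllAuthenticator",
}

def parse_top_level(yaml_text):
    """Read flat top-level `key: value` lines; this is not a full YAML parser."""
    settings = dict(DEFAULTS)
    for raw in yaml_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()          # drop trailing comments
        if not line or line[0] in " \t-" or ":" not in line:
            continue                                   # blanks, nested keys, list items
        key, value = (part.strip() for part in line.split(":", 1))
        if key in settings and value:
            settings[key] = value.strip("'\"")
    return settings

def audit(yaml_text):
    s = parse_top_level(yaml_text)
    on = lambda key: s[key].lower() == "true"
    return {
        # UDFs and scripted UDFs enabled while UDF threads are disabled
        "udf_rce_config": on("enable_user_defined_functions")
        and on("enable_scripted_user_defined_functions")
        and not on("enable_user_defined_functions_threads"),
        # AllowAllAuthenticator performs no authentication at all
        "no_auth": s["authenticator"].endswith("AllowAllAuthenticator"),
    }

# Constructed sample configurations
RISKY = """\
enable_user_defined_functions: true   # constructed sample
enable_scripted_user_defined_functions: true
enable_user_defined_functions_threads: false
"""
STOCK = "cluster_name: 'Test Cluster'\n"
HARDENED = """\
authenticator: org.apache.cassandra.auth.PasswordAuthenticator
enable_user_defined_functions: true
enable_scripted_user_defined_functions: true
"""

if __name__ == "__main__":
    for name, text in (("risky", RISKY), ("stock", STOCK), ("hardened", HARDENED)):
        print(name, audit(text))
```

A node that reports both flags matches the unauthenticated case this page describes; `udf_rce_config` alone still warrants review, because any user allowed to create functions is then affected.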