CVE-2021-44521

Description from NVD

When running Apache Cassandra with the following configuration:

     enable_user_defined_functions: true
     enable_scripted_user_defined_functions: true
     enable_user_defined_functions_threads: false

it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.

Information Acquisition Date: 2022-02-28T16:40Z
CVSS 2.0: 8.5 HIGH
CVSS 3.x: 9.1 CRITICAL

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

NVD References

 https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356
     source:MISC
     tags:Issue Tracking    Mailing List    Vendor Advisory    
 [oss-security] 20220211 CVE-2021-44521: Apache Cassandra: Remote code execution for scripted UDFs
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/
     source:MISC
     tags:Exploit    Mitigation    Third Party Advisory    
 https://security.netapp.com/advisory/ntap-20220225-0001/
     source:CONFIRM
     tags:

Software Tag: Apache(1 tweets)



List of frequently cited URLs

URL                                                              Num of Times Referred to
http://patrowl.io                                                205
https://cvetrends.com                                            48
https://twitter.com/TheHackersNews/status/1493818948445368323    4
https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cas...   3
https://thehackernews.com/2022/02/high-severity-rce-securit...   3
https://noticiasseguridad.com/vulnerabilidades/cve-2021-445...   3

Information from Twitter

User URL Info Source Date
Itumeleng_Les https://jfrog.com/cve-2021-44521-exploiting-apache-cassandr... Source Itumeleng_Les    1596816415889031170 2022/11/27

GitHub Search Results: Up to 10

Name                    URL
QHpix/CVE-2021-44521    https://github.com/QHpix/CVE-2021-44521

2022/11/27 Score : 1
Added Har-sia Database : 2022/02/11
Last Modified : 2022/11/27
Highest Scored Date : 2022/02/17
Highest Score : 48