
cassandra

Vendor: apache


Recent CVEs

Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows an authenticated user to raise query latencies via repeated password changes. Users are recommended to upgrade to version 4.0.20, 4.1.1...

Affected versions: 4.0.0 4.0.1 4.0.10 4.0.15 4.0.16 +25 more

Published: Apr 7, 2026

CVSS: 6.5

Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh commands via the ~/.cassandra/cqlsh_history local file ...

Affected versions: 4.0.0 4.0.1 4.0.10 4.0.15 4.0.16 +10 more

Published: Apr 7, 2026

CVSS: 5.5

Privilege escalation in Apache Cassandra 5.0 in an mTLS environment using MutualTlsAuthenticator allows a user with only CREATE permission to associate their own certificate identity with an arbitr...

Affected versions: 5.0.0 5.0.1 5.0.2 5.0.3 5.0.4

Published: Apr 7, 2026

CVSS: 8.8

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via un...

Affected versions: 3.0.0 3.0.1 3.0.10 3.0.11 3.0.12 +68 more

Published: Aug 25, 2025

CVSS: 8.8

Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAutho...

Affected versions: 4.0.0 4.0.1 4.0.10 4.0.15 4.0.2 +18 more

Published: Feb 4, 2025

CVSS: 5.4

In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and...

Affected versions: 4.0.10 4.0.2 4.0.3 4.0.4 4.0.5 +15 more

Published: Feb 4, 2025

CVSS: 5.3

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via un...

Affected versions: 3.0.0 3.0.1 3.0.10 3.0.11 3.0.12 +79 more

Published: Feb 4, 2025

CVSS: 8.8

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. ...

Affected versions: 4.0.0

Published: Apr 23, 2019

CVSS: 5.9

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop)....

Affected versions: 3.11.4

Published: Apr 13, 2017

CVSS: 7.5

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors...

Affected versions: 4.0.0

Published: Apr 21, 2016

CVSS: 9.8

The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows rem...

Affected versions: 1.2.0 1.2.1 1.2.10 1.2.11 1.2.12 +33 more

Published: Apr 3, 2015

CVSS: 7.5