suse · CVE-2018-8016

Quick triage

Priority: high Published: 2021-05-30 14:11:44 UTC Updated: 2022-11-27 01:20:07 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2018-8016 severity important: SUSE including 2 source package names (cassandra, cassandra-tools), 6 product×package rows across 3 product lines (HPE Helion OpenStack 8, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8): Known Not Affected 6.

Description:

The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in https://issues.apache.org/jira/browse/CASSANDRA-12109. The fix for the regression is implemented in https://issues.apache.org/jira/browse/CASSANDRA-14173. This fix is contained in the 3.11.2 release of Apache Cassandra.

cvelogic Threat Intelligence