CVE-2021-44521 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2021-44521 Interim 1 18 2025-02-17T00:24:04Z current 2022-02-14T02:41:12Z 2025-02-17T00:24:04Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2021-44521 When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 cassandra cassandra-tools cassandra as a component of HPE Helion OpenStack 8 cassandra-tools as a component of HPE Helion OpenStack 8 cassandra as a component of SUSE OpenStack Cloud 8 cassandra-tools as a component of SUSE OpenStack Cloud 8 cassandra as a component of SUSE OpenStack Cloud 9 cassandra-tools as a component of SUSE OpenStack Cloud 9 cassandra as a component of SUSE OpenStack Cloud Crowbar 8 cassandra-tools as a component of SUSE OpenStack Cloud Crowbar 8 cassandra as a component of SUSE OpenStack Cloud Crowbar 9 cassandra-tools as a component of SUSE OpenStack Cloud Crowbar 9 When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE. CVE-2021-44521 HPE Helion OpenStack 8:cassandra HPE Helion OpenStack 8:cassandra-tools SUSE OpenStack Cloud 8:cassandra SUSE OpenStack Cloud 8:cassandra-tools SUSE OpenStack Cloud 9:cassandra SUSE OpenStack Cloud 9:cassandra-tools SUSE OpenStack Cloud Crowbar 8:cassandra SUSE OpenStack Cloud Crowbar 8:cassandra-tools SUSE OpenStack Cloud Crowbar 9:cassandra SUSE OpenStack Cloud Crowbar 9:cassandra-tools important 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H