{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T09:34:29.068","vulnerabilities":[{"cve":{"id":"CVE-2020-13946","sourceIdentifier":"security@apache.org","published":"2020-09-01T21:15:11.833","lastModified":"2024-11-21T05:02:12.400","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely."},{"lang":"es","value":"En Apache Cassandra, todas las versiones anteriores a 2.1.22, 2.2.18, 3.0.22, 3.11.8 y 4.0-beta2, es posible para un atacante local sin acceso al proceso de Apache Cassandra o archivos de configuración manipular el registro RMI para llevar a cabo un ataque de tipo man-in-the-middle y capturar los nombres de usuario y las contraseñas usadas para acceder a la interfaz JMX. El atacante puede usar estas credenciales para acceder a la interfaz JMX y llevar a cabo operaciones no autorizadas. Los usuarios también deben tener en cuenta CVE-2019-2684, una vulnerabilidad de JRE que permite explotar este problema 
remotamente"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-668"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1.22","matchCriteriaId":"930123F9-7681-4950-A69A-4B1DB6CFC157"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*","versionStartIncluding":"2.2.0","versionEndExcluding":"2.2.18","matchCriteriaId":"53EC5281-8A0B-45A9-8E05-6709516DDFCD"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.0.22","matchCriteriaId":"AE85F320-9AD4-48CA-AAD6-D3436E132204"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*","versionStartIncluding":"3.11.0","versionEndExcluding":"3.11.8","matchCriteriaId":"291DAFA7-48C8-43D0-A800-FC0337764EB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cassandra:4.0.0:alpha1:*:*:*:*:*:
*","matchCriteriaId":"730AD2BE-5DF1-42C1-934E-B4C4EA4B6BA3"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cassandra:4.0.0:alpha2:*:*:*:*:*:*","matchCriteriaId":"04C093DB-F50C-465D-96DE-02B18EDA4F77"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cassandra:4.0.0:alpha3:*:*:*:*:*:*","matchCriteriaId":"A983471D-B99E-4072-9471-CC84645DC76C"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cassandra:4.0.0:alpha4:*:*:*:*:*:*","matchCriteriaId":"C0F8BC82-2AA3-4892-9541-A3D4EC4B5C80"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cassandra:4.0.0:beta1:*:*:*:*:*:*","matchCriteriaId":"A7B8B2B7-874C-45C7-88B9-CAEF8F12D1EA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*","matchCriteriaId":"F1BE6C1F-2565-4E97-92AA-16563E5660A5"}]}]}],"references":[{"url":"https://lists.apache.org/thread.html/r1fd117082b992e7d43c1286e966c285f98aa362e685695d999ff42f7%40%3Cuser.cassandra.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r718e01f61b35409a4f7a3ccbc1cb5136a1558a9f9c2cb8d4ca9be1ce%40%3Cuser.cassandra.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rab8d90d28f944d84e4d7852f355a25c89451ae02c2decc4d355a9cfc%40%3Cuser.cassandra.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cuser.cassandra.apache.org%3E","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20210521-0005/","source":"security@apache.org","tags":["Third Party 
Advisory"]},{"url":"https://lists.apache.org/thread.html/r1fd117082b992e7d43c1286e966c285f98aa362e685695d999ff42f7%40%3Cuser.cassandra.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r718e01f61b35409a4f7a3ccbc1cb5136a1558a9f9c2cb8d4ca9be1ce%40%3Cuser.cassandra.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rab8d90d28f944d84e4d7852f355a25c89451ae02c2decc4d355a9cfc%40%3Cuser.cassandra.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cuser.cassandra.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20210521-0005/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}