CVE-2020-13946

{"id": "CVE-2020-13946", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2020-09-01T21:15:11.833", "references": [{"url": "https://lists.apache.org/thread.html/r1fd117082b992e7d43c1286e966c285f98aa362e685695d999ff42f7%40%3Cuser.cassandra.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r718e01f61b35409a4f7a3ccbc1cb5136a1558a9f9c2cb8d4ca9be1ce%40%3Cuser.cassandra.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rab8d90d28f944d84e4d7852f355a25c89451ae02c2decc4d355a9cfc%40%3Cuser.cassandra.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cuser.cassandra.apache.org%3E", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://security.netapp.com/advisory/ntap-20210521-0005/", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r1fd117082b992e7d43c1286e966c285f98aa362e685695d999ff42f7%40%3Cuser.cassandra.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/r718e01f61b35409a4f7a3ccbc1cb5136a1558a9f9c2cb8d4ca9be1ce%40%3Cuser.cassandra.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/rab8d90d28f944d84e4d7852f355a25c89451ae02c2decc4d355a9cfc%40%3Cuser.cassandra.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cuser.cassandra.apache.org%3E", "tags": ["Mailing List", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20210521-0005/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-668"}]}], "descriptions": [{"lang": "en", "value": "In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely."}, {"lang": "es", "value": "En Apache Cassandra, todas las versiones anteriores a 2.1.22, 2.2.18, 3.0.22, 3.11.8 y 4.0-beta2, es posible a un atacante local sin acceso al proceso de Apache Cassandra o archivos de configuraci\u00f3n manipular el registro RMI para llevar a cabo un ataque de tipo man-in-the-middle y capturar los nombres de usuario y las contrase\u00f1as usadas para acceder a la interfaz JMX. El atacante puede usar estas credenciales para acceder a la interfaz JMX y llevar a cabo operaciones no autorizadas. Los usuarios tambi\u00e9n deben conocer de CVE-2019-2684, una vulnerabilidad de JRE que permite explotar este problema remotamente"}], "lastModified": "2024-11-21T05:02:12.400", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "930123F9-7681-4950-A69A-4B1DB6CFC157", "versionEndExcluding": "2.1.22"}, {"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53EC5281-8A0B-45A9-8E05-6709516DDFCD", "versionEndExcluding": "2.2.18", "versionStartIncluding": "2.2.0"}, {"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE85F320-9AD4-48CA-AAD6-D3436E132204", "versionEndExcluding": "3.0.22", "versionStartIncluding": "3.0.0"}, {"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "291DAFA7-48C8-43D0-A800-FC0337764EB4", "versionEndExcluding": "3.11.8", "versionStartIncluding": "3.11.0"}, {"criteria": "cpe:2.3:a:apache:cassandra:4.0.0:alpha1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "730AD2BE-5DF1-42C1-934E-B4C4EA4B6BA3"}, {"criteria": "cpe:2.3:a:apache:cassandra:4.0.0:alpha2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04C093DB-F50C-465D-96DE-02B18EDA4F77"}, {"criteria": "cpe:2.3:a:apache:cassandra:4.0.0:alpha3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A983471D-B99E-4072-9471-CC84645DC76C"}, {"criteria": "cpe:2.3:a:apache:cassandra:4.0.0:alpha4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0F8BC82-2AA3-4892-9541-A3D4EC4B5C80"}, {"criteria": "cpe:2.3:a:apache:cassandra:4.0.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7B8B2B7-874C-45C7-88B9-CAEF8F12D1EA"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}