CVE-2020-13946
Severity
5.9MEDIUM
EPSS
0.3%
top 47.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 1
Latest updateFeb 4
Description
In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulne…
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6
Affected Packages4 packages
🔴Vulnerability Details
4📋Vendor Advisories
2💬Community
2Bugzilla▶
CVE-2020-13946 cassandra: allows manipulation of the RMI registry to perform a MITM attack and capture user names and passwords used to access the JMX interface [fedora-all]↗2020-09-04
Bugzilla▶
CVE-2020-13946 cassandra: allows manipulation of the RMI registry to perform a MITM attack and capture user names and passwords used to access the JMX interface↗2020-09-04