CVE-2018-8016

Name of the Vulnerable Software and Affected Versions: Apache Cassandra versions 3.8 through 3.11.1

Description: The default configuration of Apache Cassandra binds an unauthenticated JMX/RMI interface to all network interfaces, allowing remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression that was introduced due to a specific change and is resolved in a later release.

Recommendations: For Apache Cassandra versions 3.8 through 3.11.1, update to version 3.11.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the JMX/RMI interface to minimize the risk of exploitation.