Hashicorp · Vault Enterprise · CVE-2021-27400
**Name of the Vulnerable Software and Affected Versions**
HashiCorp Vault and Vault Enterprise versions prior to 1.6.4
HashiCorp Vault and Vault Enterprise versions prior to 1.7.1
**Description**
The issue concerns the failure to validate TLS certificates when connecting to Cassandra clusters, affecting the storage backend and database secrets engine plugin.
**Recommendations**
For versions prior to 1.6.4, update to version 1.6.4 or later.
For versions prior to 1.7.1, update to version 1.7.1 or later.