PT-2025-2395 · Apache+1 · Apache Cassandra+1

Paulo Motta · Published 2024-02-20 · Updated 2026-05-18 · CVE-2024-27137

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Apache Cassandra versions 4.0.2 through 5.0.2

Description: A local attacker without access to the Apache Cassandra process or configuration files can manipulate the RMI registry to perform a man-in-the-middle attack. This allows the attacker to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorized operations.

Recommendations: Apache Cassandra versions 4.0.2 through 5.0.2: Upgrade to a release equal to or later than 4.0.15, 4.1.8, or 5.0.3 to fix the issue.

Fix

Weakness Enumeration

Improper Authentication
Deserialization of Untrusted Data
Exposure of Resource to Wrong Sphere

Related Identifiers

AZL-56430
AZL-56446
BDU:2025-01150
BIT-CASSANDRA-2024-27137
CLEANSTART-2026-CI66802
CLEANSTART-2026-DD05788
CLEANSTART-2026-KM27583
CLEANSTART-2026-SP91806
CLEANSTART-2026-VH41554
CVE-2024-27137
GHSA-RGFX-7P65-3FF4

Affected Products

Apache Cassandra
Red Os