{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2021-44521","title":"Title"},{"category":"description","text":"When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2021-44521","url":"https://www.suse.com/security/cve/CVE-2021-44521"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1195843 for CVE-2021-44521","url":"https://bugzilla.suse.com/1195843"}],"title":"SUSE CVE CVE-2021-44521","tracking":{"current_release_date":"2025-04-25T04:27:33Z","generator":{"date":"2023-02-15T03:36:39Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2021-44521","initial_release_date":"2023-02-15T03:36:39Z","revision_history":[{"date":"2023-02-15T03:36:39Z","number":"2","summary":"Current version"},{"date":"2025-01-01T04:07:47Z","number":"3","summary":"Current version"},{"date":"2025-02-15T04:42:29Z","number":"4","summary":"Current version"},{"date":"2025-02-17T05:05:07Z","number":"5","summary":"Current version"},{"date":"2025-03-15T08:36:21Z","number":"6","summary":"Current version"},{"date":"2025-04-25T04:27:33Z","number":"7","summary":"Current version"}],"status":"interim","version":"7"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"HPE Helion OpenStack 8","product":{"name":"HPE Helion OpenStack 8","product_id":"HPE Helion OpenStack 8","product_identification_helper":{"cpe":"cpe:/o:suse:hpe-helion-openstack:8"}}},{"category":"product_name","name":"SUSE OpenStack Cloud 8","product":{"name":"SUSE OpenStack Cloud 8","product_id":"SUSE OpenStack Cloud 8","product_identification_helper":{"cpe":"cpe:/o:suse:suse-openstack-cloud:8"}}},{"category":"product_name","name":"SUSE OpenStack Cloud 9","product":{"name":"SUSE OpenStack Cloud 9","product_id":"SUSE OpenStack Cloud 9","product_identification_helper":{"cpe":"cpe:/o:suse:suse-openstack-cloud:9"}}},{"category":"product_name","name":"SUSE OpenStack Cloud Crowbar 8","product":{"name":"SUSE OpenStack Cloud Crowbar 8","product_id":"SUSE OpenStack Cloud Crowbar 8","product_identification_helper":{"cpe":"cpe:/o:suse:suse-openstack-cloud-crowbar:8"}}},{"category":"product_name","name":"SUSE OpenStack Cloud Crowbar 9","product":{"name":"SUSE OpenStack Cloud Crowbar 9","product_id":"SUSE OpenStack Cloud Crowbar 9","product_identification_helper":{"cpe":"cpe:/o:suse:suse-openstack-cloud-crowbar:9"}}},{"category":"product_version","name":"cassandra","product":{"name":"cassandra","product_id":"cassandra","product_identification_helper":{"cpe":"cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/cassandra@?upstream=cassandra.src.rpm"}}},{"category":"product_version","name":"cassandra-tools","product":{"name":"cassandra-tools","product_id":"cassandra-tools","product_identification_helper":{"cpe":"cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/cassandra-tools@?upstream=cassandra.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"cassandra as component of HPE Helion OpenStack 8","product_id":"HPE Helion OpenStack 8:cassandra"},"product_reference":"cassandra","relates_to_product_reference":"HPE Helion OpenStack 8"},{"category":"default_component_of","full_product_name":{"name":"cassandra-tools as component of HPE Helion OpenStack 8","product_id":"HPE Helion OpenStack 8:cassandra-tools"},"product_reference":"cassandra-tools","relates_to_product_reference":"HPE Helion OpenStack 8"},{"category":"default_component_of","full_product_name":{"name":"cassandra as component of SUSE OpenStack Cloud 8","product_id":"SUSE OpenStack Cloud 8:cassandra"},"product_reference":"cassandra","relates_to_product_reference":"SUSE OpenStack Cloud 8"},{"category":"default_component_of","full_product_name":{"name":"cassandra-tools as component of SUSE OpenStack Cloud 8","product_id":"SUSE OpenStack Cloud 8:cassandra-tools"},"product_reference":"cassandra-tools","relates_to_product_reference":"SUSE OpenStack Cloud 8"},{"category":"default_component_of","full_product_name":{"name":"cassandra as component of SUSE OpenStack Cloud 9","product_id":"SUSE OpenStack Cloud 9:cassandra"},"product_reference":"cassandra","relates_to_product_reference":"SUSE OpenStack Cloud 9"},{"category":"default_component_of","full_product_name":{"name":"cassandra-tools as component of SUSE OpenStack Cloud 9","product_id":"SUSE OpenStack Cloud 9:cassandra-tools"},"product_reference":"cassandra-tools","relates_to_product_reference":"SUSE OpenStack Cloud 9"},{"category":"default_component_of","full_product_name":{"name":"cassandra as component of SUSE OpenStack Cloud Crowbar 8","product_id":"SUSE OpenStack Cloud Crowbar 8:cassandra"},"product_reference":"cassandra","relates_to_product_reference":"SUSE OpenStack Cloud Crowbar 8"},{"category":"default_component_of","full_product_name":{"name":"cassandra-tools as component of SUSE OpenStack Cloud Crowbar 8","product_id":"SUSE OpenStack Cloud Crowbar 8:cassandra-tools"},"product_reference":"cassandra-tools","relates_to_product_reference":"SUSE OpenStack Cloud Crowbar 8"},{"category":"default_component_of","full_product_name":{"name":"cassandra as component of SUSE OpenStack Cloud Crowbar 9","product_id":"SUSE OpenStack Cloud Crowbar 9:cassandra"},"product_reference":"cassandra","relates_to_product_reference":"SUSE OpenStack Cloud Crowbar 9"},{"category":"default_component_of","full_product_name":{"name":"cassandra-tools as component of SUSE OpenStack Cloud Crowbar 9","product_id":"SUSE OpenStack Cloud Crowbar 9:cassandra-tools"},"product_reference":"cassandra-tools","relates_to_product_reference":"SUSE OpenStack Cloud Crowbar 9"}]},"vulnerabilities":[{"cve":"CVE-2021-44521","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-44521"}],"notes":[{"category":"general","text":"When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.","title":"CVE description"}],"product_status":{"known_not_affected":["HPE Helion OpenStack 8:cassandra","HPE Helion OpenStack 8:cassandra-tools","SUSE OpenStack Cloud 8:cassandra","SUSE OpenStack Cloud 8:cassandra-tools","SUSE OpenStack Cloud 9:cassandra","SUSE OpenStack Cloud 9:cassandra-tools","SUSE OpenStack Cloud Crowbar 8:cassandra","SUSE OpenStack Cloud Crowbar 8:cassandra-tools","SUSE OpenStack Cloud Crowbar 9:cassandra","SUSE OpenStack Cloud Crowbar 9:cassandra-tools"]},"references":[{"category":"external","summary":"CVE-2021-44521","url":"https://www.suse.com/security/cve/CVE-2021-44521"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1195843 for CVE-2021-44521","url":"https://bugzilla.suse.com/1195843"}],"threats":[{"category":"impact","date":"2022-02-11T14:00:02Z","details":"important"}],"title":"CVE-2021-44521"}]}