Hi Manish,

Unfortunately, I'm afraid that, as far as I'm aware, there is not.

Thanks,
Sam

> On 2 Sep 2020, at 04:14, manish khandelwal <manishkhandelwa...@gmail.com> 
> wrote:
> 
> Hi Sam
> 
> Is there any alternative to avoid this vulnerability? Like upgrading to a 
> specific JVM version?
> 
> Regards
> Manish
> 
> On Tue, Sep 1, 2020 at 8:03 PM Sam Tunnicliffe <s...@beobal.com> wrote:
> CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability
> 
> Versions Affected:
> All versions prior to: 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2
> 
> Description:
> It is possible for a local attacker without access to the Apache Cassandra 
> process or configuration files to manipulate the RMI registry to perform a 
> man-in-the-middle attack and capture user names and passwords used to access 
> the JMX interface. The attacker can then use these credentials to access the 
> JMX interface and perform unauthorised operations.
> Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables 
> this issue to be exploited remotely.
> 
> Mitigation:
> 2.1.x users should upgrade to 2.1.22
> 2.2.x users should upgrade to 2.2.18
> 3.0.x users should upgrade to 3.0.22
> 3.11.x users should upgrade to 3.11.8
> 4.0-beta1 users should upgrade to 4.0-beta2
> 
> 
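
The version ranges in the advisory quoted above can be turned into a fleet check. This is an added example, not part of the original thread and not Apache Cassandra project code. The function names `is_affected` and `audit`, the host names and the sample inventory are constructed for illustration, and the code assumes that 4.0 GA and later releases carry the fix.

```python
import re

# Fixed release per branch, taken from the advisory quoted above.
FIXED_PATCH = {(2, 1): 22, (2, 2): 18, (3, 0): 22, (3, 11): 8}
PRE_RANK = {"alpha": 0, "beta": 1, "rc": 2}   # ordering of 4.0 pre-releases
FIXED_4_0_PRE = (PRE_RANK["beta"], 2)         # 4.0-beta2

# Accepts "3.11.6" or the "ReleaseVersion: 3.11.6" line from `nodetool version`.
VERSION_RE = re.compile(
    r"(?:ReleaseVersion:\s*)?(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?")

def is_affected(version):
    """Return True if `version` predates the fix for CVE-2020-13946."""
    m = VERSION_RE.fullmatch(version.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = int(m[1]), int(m[2]), int(m[3] or 0)
    branch = (major, minor)
    if branch in FIXED_PATCH:
        return patch < FIXED_PATCH[branch]
    if branch < (4, 0):
        # Branches with no fixed release of their own (e.g. 2.0.x, 3.1-3.10)
        # are all "prior to" the versions the advisory lists.
        return True
    if branch == (4, 0) and patch == 0 and m[4]:
        return (PRE_RANK[m[4]], int(m[5])) < FIXED_4_0_PRE
    return False  # assumption: 4.0 GA and later carry the fix

def audit(inventory):
    """Map each host to 'affected', 'fixed' or 'unknown'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "fixed"
        except ValueError:
            # An unparseable version is never reported as fixed.
            result[host] = "unknown"
    return result

# Constructed inventory: host names and versions are made up for illustration.
SAMPLE = {"cass-a1": "ReleaseVersion: 3.11.6", "cass-a2": "3.11.8",
          "cass-b1": "2.0.17", "cass-c1": "4.0-beta1", "cass-c2": "4.0-beta2",
          "cass-d1": "custom-build"}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {SAMPLE[host]} -> {status}")
```
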
