Security Magazine covers a high-severity security vulnerability in Apache Cassandra with comments from BluBracket VP Casey Bisson:
“Casey Bisson, Head of Product and Developer Relations at BluBracket, says Apache Cassandra is reported to be used as critical infrastructure supporting multiple top-tier internet giants, so a remote code execution vulnerability could have a broad impact with very serious consequences as a threat actor could read or manipulate sensitive data in vulnerable configurations.
Fortunately, Bisson says, “default configurations are not vulnerable, and the configuration variable suggests the risk. However, if a threat actor can gain access to the configuration, they could enable the vulnerability without the operators being aware.”