The host is installed with Apache Cassandra 3.0.x before 3.0.26, 3.11.x before 3.11.12 or 4.0.x before 4.0.2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle configuration of user defined functions. Successful exploitation allows attacker to execute arbitrary code on the host.