CVE-2022-29972

Published: 09 May 2022
Source: msrc
EPSS: Low

Description

Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver

FAQ

Is the CVSS vector different as it relates to the Microsoft services that the vulnerability affects?

The vulnerability in the Redshift driver referenced in the CVE impacts Microsoft services listed in the affected software table. The environmental score as it relates to affected Microsoft services can be different than the score assigned by the owner of the CVE. The base environmental score that Microsoft has assigned is 8.2.

| Environmental Vector Element | Value | Comment |
|---|---|---|
| Modified Attack Vector | Network | |
| Modified Attack Complexity | Low | |
| Modified Privileges Required | High | |
| Modified User Interaction | None | |
| Modified Scope | Changed | The vulnerability in the Redshift driver impacts the services listed in the affected software. |
| Modified Confidentiality | High | |
| Modified Integrity | High | |
| Modified Availability | High | |

Are there any special roles that enable exploitation of this vulnerability?

Exploiting this vulnerability requires an attacker to have at least one of the following roles:

  • Synapse Administrator
  • Synapse Contributor
  • Synapse Compute Operator

For more details on these roles, please refer to Synapse RBAC Roles.

Why is the MITRE Corporation the assigning CNA (CVE Numbering Authority)?

CVE-2022-29972 concerns a vulnerability in the Magnitude Simba Amazon Redshift ODBC Driver. MITRE created this CVE on their behalf.

Please see Redshift and Athena Driver Vulnerability for more information.

Updates

| Product | Article | Update |
|---|---|---|
| Self-hosted Integration Runtime | | |

Exploitability

  • Publicly Disclosed: Yes
  • Exploited: No
  • Latest Software Release: Exploitation More Likely
  • Older Software Release: Exploitation More Likely

EPSS

Percentile: 68%
0.00568
Low

Related vulnerabilities

CVSS3: 7.8
nvd
more than 3 years ago

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver (1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52) may allow a local user to execute arbitrary code.

CVSS3: 7.8
github
more than 3 years ago

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver (1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52) may allow a local user to execute arbitrary code.

CVSS3: 9.1
fstec
almost 4 years ago

A vulnerability in a third-party data integration component, the Magnitude Simba Amazon Redshift ODBC Driver, in the Azure Data Factory and Azure Synapse cloud services that allows an attacker to execute arbitrary code

msrc
more than 3 years ago

Upcoming improvements to Azure Data Factory and Azure Synapse Pipeline infrastructure in response to CVE-2022-29972
