CVE-2024-12746

Опубликовано: 24 дек. 2024

Источник: nvd

CVSS3: 8

EPSS Низкий

Описание

A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 (Windows or Linux) allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.6.0 or revert to driver version 2.1.4.0.

Ссылки

https://aws.amazon.com/security/security-bulletins/AWS-2024-015/
Vendor Advisory
https://github.com/aws/amazon-redshift-odbc-driver/releases/tag/v2.1.6
Release Notes
https://github.com/aws/amazon-redshift-odbc-driver/security/advisories/GHSA-g63m-5vjv-wr3v
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:amazon:redshift_odbc_driver:2.1.5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00404

Низкий

8 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

BDU:2025-00063