Vulnerability Details CVE-2022-29971
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena ODBC Driver 1.1.1 through 1.1.x before 1.1.17 may allow a local user to execute arbitrary code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.2%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- https://insightsoftware.com/trust/security/advisories/redshift-and-athena-driver-vulnerability/
- https://insightsoftware.com/trust/security/advisories/redshift-and-athena-driver-vulnerability/
- https://www.magnitude.com/products/data-connectivity
- https://insightsoftware.com/trust/security/advisories/redshift-and-athena-driver-vulnerability/
- https://insightsoftware.com/trust/security/advisories/redshift-and-athena-driver-vulnerability/
- https://www.magnitude.com/products/data-connectivity
Products affected by CVE-2022-29971
-
cpe:2.3:a:insightsoftware:magnitude_simba_amazon_athena_odbc_driver:*