Vulnerability Details CVE-2022-30239
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena JDBC Driver 2.0.25 through 2.0.28 may allow a local user to execute code. NOTE: this is different from CVE-2022-29971.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.2%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- https://insightsoftware.com/trust/security/advisories/redshift-and-athena-driver-vulnerability/
- https://insightsoftware.com/trust/security/advisories/redshift-and-athena-driver-vulnerability/
- https://www.magnitude.com/products/data-connectivity
- https://insightsoftware.com/trust/security/advisories/redshift-and-athena-driver-vulnerability/
- https://insightsoftware.com/trust/security/advisories/redshift-and-athena-driver-vulnerability/
- https://www.magnitude.com/products/data-connectivity
Products affected by CVE-2022-30239
-
cpe:2.3:a:insightsoftware:magnitude_simba_amazon_athena_jdbc_driver:*