CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-12744

A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 59.4%

CVSS Severity

CVSS v3 Score 8.0

References

https://aws.amazon.com/security/security-bulletins/AWS-2024-015/
https://github.com/aws/amazon-redshift-jdbc-driver/releases/tag/v2.1.0.32
https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-8596-2jgr-ppj7

Products affected by CVE-2024-12744

Amazon » Amazon Web Services Redshift Java Database Connectivity Driver » Version: 2.1.0.31

cpe:2.3:a:amazon:amazon_web_services_redshift_java_database_connectivity_driver:2.1.0.31

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-12744

Products

Pricing

Contact Us