SQL Injection Vulnerability in Amazon Redshift ODBC Driver
CVE-2024-12746

8.6 HIGH

Key Information:

Vendor: Amazon

CVE Published: 24 December 2024

Badges

📰 News Worthy

What is CVE-2024-12746?

A vulnerability exists in Amazon Redshift ODBC Driver version 2.1.5.0: improper input validation in the SQLTables and SQLColumns metadata APIs can lead to SQL injection. This flaw could allow unauthorized users to gain escalated privileges within the database environment, posing a significant risk to data integrity and security. Users are advised to upgrade to version 2.1.6.0 or downgrade to version 2.1.4.0 to mitigate this vulnerability. For detailed guidance, refer to the vendor's advisory.

Affected Version(s)

Amazon Redshift ODBC Driver 2.1.5.0

News Articles

Update Amazon Now—3 Dangerous Security Vulnerabilities Hit The Cloud

Three security vulnerabilities warranting a patch-immediately warning have been confirmed for users of the Amazon Redshift cloud platform—what you need to know.

CVSS V4

Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • 📰 First article discovered by Forbes

  • Vulnerability published

  • Vulnerability Reserved
