- Description
- A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the get_schemas, get_tables, or get_columns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver version 2.1.3.
- Source
- ff89ba41-3aa1-4d27-914a-91399e9639e5
- NVD status
- Received
CVSS 4.0
- Type
- Secondary
- Base score
- 8.6
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Secondary
- Base score
- 8
- Impact score
- 5.9
- Exploitability score
- 2.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- ff89ba41-3aa1-4d27-914a-91399e9639e5
- CWE-89
- Hype score
- Not currently trending
🚨 #Amazon fixes 3 high-severity SQL injection vulnerabilities in #Redshift drivers: 🔓 CVE-2024-12744 (JDBC) 🐍 CVE-2024-12745 (Python Connector) 🔑 CVE-2024-12746 (ODBC) 📢 Update now to secure your data! 💡 Track & defend with SOCRadar Vulnerability Intelligence:… https://
@socradar
28 Dec 2024
140 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Oh , how nice. Japan Airlines has a cyber attack and Pittsburgh Regional Transit got ransomware'd - and Amazon had a major problem? NVD - CVE-2024-12745 "A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the… https://t.
@seaarepea
26 Dec 2024
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A trio of SQL injection vulnerabilities has been discovered in various Amazon Redshift drivers, potentially allowing attackers to escalate privileges and wreak havoc on your data. The vulnerabilities tracked as CVE-2024-12744, CVE-2024-12745, and CVE-2024-12746, all carry a… ht
@cybertzar
26 Dec 2024
29 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 3 SQL injection vulnerabilities in Amazon Redshift drivers (CVE-2024-12744, CVE-2024-12745, CVE-2024-12746) can lead to privilege escalation. Patches are essential to protect sensitive data. #AmazonRedshift #DataBreach #USA #CybersecurityNews link: https://t.co/7iKI0r1SnO htt
@TweetThreatNews
26 Dec 2024
43 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Amazon Redshiftの各ドライバにSQLインジェクションの脆弱性。CVE-2024-12744はJDBC Driver、CVE-2024-12745はPython Connector、CVE-2024-12746はODBC Driver向け。メタデータAPIを叩く際に脆弱。クエリをパラメタ化する修正が適用済み。 https://t.co/PnOweD7vgI
@__kokumoto
26 Dec 2024
457 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
Issue with RedShift JDBC Driver, Python Connector and ODBC Driver - (CVE-2024-12744, CVE-2024-12745, CVE-2024-12746) https://t.co/rA2zcHWUu5 #amazon #feedly
@yutuki_r
25 Dec 2024
76 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-12745 A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the get_schemas, get_tables, or get_columns Metadata API… https://t.co/BPvFlrV0Dv
@CVEnew
24 Dec 2024
687 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-12745: HIGH] SQL injection in Amazon Redshift Python Connector v2.1.4 allows users escalated privileges via Metadata APIs. Upgrade to v2.1.5 or revert to v2.1.3 for enhanced cybersecurity.#cybersecurity,#vulnerability https://t.co/x5yyjaCy1T https://t.co/cP8cvofsJB
@CveFindCom
24 Dec 2024
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes