- Description
- A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 (Windows or Linux) allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.6.0 or revert to driver version 2.1.4.0.
- Source
- ff89ba41-3aa1-4d27-914a-91399e9639e5
- NVD status
- Received
CVSS 4.0
- Type
- Secondary
- Base score
- 8.6
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Secondary
- Base score
- 8
- Impact score
- 5.9
- Exploitability score
- 2.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- ff89ba41-3aa1-4d27-914a-91399e9639e5
- CWE-89
- Hype score
- Not currently trending
🚨 #Amazon fixes 3 high-severity SQL injection vulnerabilities in #Redshift drivers: 🔓 CVE-2024-12744 (JDBC) 🐍 CVE-2024-12745 (Python Connector) 🔑 CVE-2024-12746 (ODBC) 📢 Update now to secure your data! 💡 Track & defend with SOCRadar Vulnerability Intelligence:… https://
@socradar
28 Dec 2024
140 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A trio of SQL injection vulnerabilities has been discovered in various Amazon Redshift drivers, potentially allowing attackers to escalate privileges and wreak havoc on your data. The vulnerabilities tracked as CVE-2024-12744, CVE-2024-12745, and CVE-2024-12746, all carry a… ht
@cybertzar
26 Dec 2024
29 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 3 SQL injection vulnerabilities in Amazon Redshift drivers (CVE-2024-12744, CVE-2024-12745, CVE-2024-12746) can lead to privilege escalation. Patches are essential to protect sensitive data. #AmazonRedshift #DataBreach #USA #CybersecurityNews link: https://t.co/7iKI0r1SnO htt
@TweetThreatNews
26 Dec 2024
43 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Amazon Redshiftの各ドライバにSQLインジェクションの脆弱性。CVE-2024-12744はJDBC Driver、CVE-2024-12745はPython Connector、CVE-2024-12746はODBC Driver向け。メタデータAPIを叩く際に脆弱。クエリをパラメタ化する修正が適用済み。 https://t.co/PnOweD7vgI
@__kokumoto
26 Dec 2024
457 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-12746 A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 win & linux allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.6.0 or revert to driver version 2.1.4
@Infosec_techs
25 Dec 2024
8 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Issue with RedShift JDBC Driver, Python Connector and ODBC Driver - (CVE-2024-12744, CVE-2024-12745, CVE-2024-12746) https://t.co/rA2zcHWUu5 #amazon #feedly
@yutuki_r
25 Dec 2024
76 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-12746 A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 (Windows or Linux) allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Users must upgrade to the driver version 2.1.6.0 or revert to driver version 2.1.4.0.
@VIPER92929
24 Dec 2024
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-12746 SQL Injection Escalates Privileges in Amazon Redshift ODBC Driver v2.1.5.0 A SQL injection vulnerability is in the Amazon Redshift ODBC Driver v2.1.5. This issue can be used by attackers on either ... https://t.co/YkV44frQxt
@VulmonFeeds
24 Dec 2024
86 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-12746 A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 (Windows or Linux) allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata API… https://t.co/Sf7hTq6Db3
@CVEnew
24 Dec 2024
636 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-12746: HIGH] Critical vulnerability in Amazon Redshift ODBC Driver v2.1.5.0 for Windows/Linux enables privilege escalation via SQL injection. Update to v2.1.6.0 or rollback to v2.1.4.0 advised.#cybersecurity,#vulnerability https://t.co/ALNIdVrvPG https://t.co/VpiowWC0Et
@CveFindCom
24 Dec 2024
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes