Skip to main content

Amazon Web Services Redshift Java Database Connectivity Driver

2 CVEs product

Monthly

CVE-2024-12744 Maven HIGH PATCH This Week

A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Amazon Web Services Redshift Java Database Connectivity Driver
NVD GitHub
CVSS 4.0
8.6
EPSS
0.6%
CVE-2022-41828 Maven HIGH PATCH This Week

In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Amazon Web Services Redshift Java Database Connectivity Driver
NVD GitHub
CVSS 3.1
8.1
EPSS
1.5%
EPSS 1% CVSS 8.6
HIGH PATCH This Week

A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Amazon Web Services Redshift Java Database Connectivity Driver
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Amazon Web Services Redshift Java Database Connectivity Driver
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy