A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 (Windows or Linux) allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.6.0 or revert to driver version 2.1.4.0.
Metrics
Affected Vendors & Products
References
History
Thu, 26 Dec 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Wed, 25 Dec 2024 03:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 24 Dec 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 (Windows or Linux) allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.6.0 or revert to driver version 2.1.4.0. | |
Title | SQL Injection in the Amazon Redshift ODBC Driver affecting v2.1.5.0 | |
Weaknesses | CWE-89 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: AMZN
Published: 2024-12-24T16:16:37.499Z
Updated: 2024-12-26T14:18:22.213Z
Reserved: 2024-12-18T01:43:56.475Z
Link: CVE-2024-12746
Vulnrichment
Updated: 2024-12-25T02:38:52.640Z
NVD
Status : Received
Published: 2024-12-24T17:15:08.353
Modified: 2024-12-26T15:15:06.650
Link: CVE-2024-12746
Redhat
No data.