CVE-2022-30239

Sažetak

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena JDBC Driver 2.0.25 through 2.0.28 may allow a local user to execute code. NOTE: this is different from CVE-2022-29971.

Reference

https://insightsoftware.com/trust/security/advisories/redshift-and-athena-driver-vulnerability/
https://www.magnitude.com/products/data-connectivity

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

18-05-2022 - 14:18

Objavljeno

09-05-2022 - 18:15