An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena JDBC Driver 2.0.25 through 2.0.28 may allow a local user to execute code. NOTE: this is different from CVE-2022-29971.
References
Link | Resource |
---|---|
https://insightsoftware.com/trust/security/advisories/redshift-and-athena-driver-vulnerability/ | Vendor Advisory |
https://www.magnitude.com/products/data-connectivity | Product |
Configurations
Configuration 1 (hide)
|
History
18 May 2022, 14:18
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:insightsoftware:magnitude_simba_amazon_athena_jdbc_driver:*:*:*:*:*:*:*:* | |
References | (CONFIRM) https://insightsoftware.com/trust/security/advisories/redshift-and-athena-driver-vulnerability/ - Vendor Advisory | |
References | (MISC) https://www.magnitude.com/products/data-connectivity - Product | |
First Time |
Insightsoftware magnitude Simba Amazon Athena Jdbc Driver
Insightsoftware |
|
CWE | CWE-88 | |
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
09 May 2022, 18:45
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-09 18:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-30239
Mitre link : CVE-2022-30239
CVE.ORG link : CVE-2022-30239
JSON object : View
Products Affected
insightsoftware
- magnitude_simba_amazon_athena_jdbc_driver
CWE
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')