PT-2024-9952 · Amazon · Amazon Redshift Jdbc Driver
Published
2024-12-23
·
Updated
2025-12-11
·
CVE-2024-12746
CVSS v4.0
8.6
High
| Vector | AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
Amazon Redshift ODBC Driver version 2.1.5.0
Description:
A SQL injection issue in the Amazon Redshift ODBC Driver is related to the lack of protection for the SQL query structure. This can allow a remote attacker to gain escalated privileges via the
SQLTables or SQLColumns Metadata APIs.Recommendations:
For Amazon Redshift ODBC Driver version 2.1.5.0, upgrade to driver version 2.1.6.0 or revert to driver version 2.1.4.0 to resolve the issue. As a temporary workaround, consider restricting access to the
SQLTables and SQLColumns Metadata APIs until a patch is applied.Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Amazon Redshift Jdbc Driver