CVE-2024-55551

CVSS v3.1

8.3

High

Vector

AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Exasol jdbc driver version 24.2.0

Description An issue was discovered in the Exasol jdbc driver, where attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution.

Recommendations For Exasol jdbc driver version 24.2.0, update the driver to prevent JNDI injection attacks. As a temporary workaround, consider restricting the use of the JDBC URL to minimize the risk of exploitation.

Fix

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94CWE-471

Related Identifiers

CVE-2024-55551

Affected Products

Exasol Jdbc Driver

CVE-2024-55551

Weakness Enumeration

Related Identifiers

Affected Products

References · 15