Main Vulnerability Database SB2022050916

SB2022050916 - Code Injection in Magnitude Simba Amazon Redshift JDBC Driver

Published: May 9, 2022

Security Bulletin ID SB2022050916

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Code Injection (CVE-ID: CVE-2022-30240)

The vulnerability allows a local user to escalate privileges within the application.

The vulnerability exists due to argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift JDBC Driver and involves improper validation of authentication tokens. A local user can escalate privileges within the affected application.

Remediation

Install update from vendor's website.

References

https://insightsoftware.com/trust/security/advisories/redshift-and-athena-driver-vulnerability/