VDB
CVE-2024-12744
CVE-2024-12744
PUBLISHED
CVSS 8.600000381469727 HIGH
Amazon Redshift JDBC Driver vulnerable to SQL Injection
EPSS 0.76% · 73.7th percentile
Risk Scores
CVSS 4.0
8.600000381469727
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.76%
73.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maven | com.amazon.redshift:redshift-jdbc42 | 2.1.0.31, 2.1.0.31, 2.1.0.31 |
| amazon | amazon_web_services_redshift_java_database_connectivity_driver | 2.1.0.31, 2.1.0.31, 2.1.0.31 |
| Amazon | Amazon Redshift JDBC Driver | 2.1.0.31, 2.1.0.31 |
Exploit Intelligence
- CIRCL seen: CVE-2024-12744 (circl-sighting)
- CIRCL seen: CVE-2024-12744 (circl-sighting)
- CIRCL seen: CVE-2024-12744 (circl-sighting)
- CIRCL seen: CVE-2024-12744 (circl-sighting)
- CIRCL seen: CVE-2024-12744 (circl-sighting)
- CIRCL seen: CVE-2024-12744 (circl-sighting)
- CIRCL seen: CVE-2024-12744 (circl-sighting)
- https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-8596-2jgr-ppj7 (circl)
- https://aws.amazon.com/security/security-bulletins/AWS-2024-015/ (circl)
- https://github.com/aws/amazon-redshift-jdbc-driver/releases/tag/v2.1.0.32 (circl)
Timeline
- Dec 24, 2024 Coalition ESS Score
- Dec 24, 2024 CVE Published
- Dec 24, 2024 PoC Published
- Dec 24, 2024 PoC Published
- Dec 24, 2024 PoC Published
- Dec 25, 2024 EPSS Score
- Dec 26, 2024 PoC Published
- Dec 26, 2024 PoC Published
- Dec 26, 2024 PoC Published
- Dec 27, 2024 PoC Published
- Jan 2, 2025 Coalition ESS Score
- Jan 10, 2025 EPSS Score
References
- https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-8596-2jgr-ppj7 vendor-advisory
- https://aws.amazon.com/security/security-bulletins/AWS-2024-015/ vendor-advisory
- https://github.com/aws/amazon-redshift-jdbc-driver/releases/tag/v2.1.0.32 patch
- https://nvd.nist.gov/vuln/detail/CVE-2024-12744 advisory
- https://aws.amazon.com/security/security-bulletins/AWS-2024-015 url
- https://github.com/aws/amazon-redshift-jdbc-driver package