CVE-2024-12746 — Vulnetix

CVE-2024-12746 PUBLISHED CVSS 8.600000381469727 HIGH

A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 (Windows or Linux) allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.6.0 or revert to driver version 2.1.4.0.

EPSS 0.66% · 71.5th percentile

Risk Scores

CVSS 4.0

8.600000381469727

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.66%

71.5th percentile

Affected Products

Vendor	Product	Versions
Amazon	Amazon Redshift ODBC Driver	2.1.5.0, 2.1.5.0
amazon	redshift_odbc_driver	2.1.5.0, 2.1.5.0, 2.1.5.0

Exploit Intelligence

CIRCL seen: CVE-2024-12746 (circl-sighting)
CIRCL seen: CVE-2024-12746 (circl-sighting)
CIRCL seen: CVE-2024-12746 (circl-sighting)
CIRCL seen: CVE-2024-12746 (circl-sighting)
CIRCL seen: CVE-2024-12746 (circl-sighting)
CIRCL seen: CVE-2024-12746 (circl-sighting)
CIRCL seen: CVE-2024-12746 (circl-sighting)
https://github.com/aws/amazon-redshift-odbc-driver/security/advisories/GHSA-g63m-5vjv-wr3v (circl)
https://aws.amazon.com/security/security-bulletins/AWS-2024-015/ (circl)
https://github.com/aws/amazon-redshift-odbc-driver/releases/tag/v2.1.6 (circl)

Timeline

Dec 24, 2024 CVE Published
Dec 24, 2024 PoC Published
Dec 24, 2024 PoC Published
Dec 24, 2024 PoC Published
Dec 25, 2024 EPSS Score
Dec 26, 2024 PoC Published
Dec 26, 2024 PoC Published
Dec 26, 2024 PoC Published
Dec 27, 2024 PoC Published
Jan 2, 2025 Coalition ESS Score
Jan 10, 2025 EPSS Score
Jan 26, 2025 EPSS Score

References

https://github.com/aws/amazon-redshift-odbc-driver/security/advisories/GHSA-g63m-5vjv-wr3v vendor-advisory
https://aws.amazon.com/security/security-bulletins/AWS-2024-015/ vendor-advisory
https://github.com/aws/amazon-redshift-odbc-driver/releases/tag/v2.1.6 patch

Open in Interactive Console →