Lucene search

[email protected]CVE-2022-29972

HistoryMay 09, 2022 - 6:15 p.m.

CVE-2022-29972

2022-05-0918:15:08

CWE-88

[email protected]

web.nvd.nist.gov

183

cve-2022

browser-based authentication

magnitude simba

amazon redshift

odbc driver

vulnerability

code execution

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.3%

JSON

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver (1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52) may allow a local user to execute arbitrary code.

Affected configurations

NVD

Node

insightsoftwaremagnitude_simba_amazon_redshift_odbc_driverRange1.4.11–1.4.21.1001

insightsoftwaremagnitude_simba_amazon_redshift_odbc_driverRange1.4.22–1.4.52

CPENameOperatorVersion
insightsoftware:magnitude_simba_amazon_redshift_odbc_driverinsightsoftware magnitude simba amazon redshift odbc driverle1.4.21.1001
insightsoftware:magnitude_simba_amazon_redshift_odbc_driverinsightsoftware magnitude simba amazon redshift odbc driverlt1.4.52

CPE	Name	Operator	Version
insightsoftware:magnitude_simba_amazon_redshift_odbc_driver	insightsoftware magnitude simba amazon redshift odbc driver	le	1.4.21.1001
insightsoftware:magnitude_simba_amazon_redshift_odbc_driver	insightsoftware magnitude simba amazon redshift odbc driver	lt	1.4.52