Lucene search
GoogleOSV:CVE-2022-41828HistorySep 29, 2022 - 9:15 p.m.
CVE-2022-41828
2022-09-2921:15:12
Google
osv.dev
5
amazon aws
redshift
jdbc driver
security
vulnerability
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.1
Confidence
High
EPSS
0.002
Percentile
59.6%
In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name.
Related
github
github
com.amazon.redshift:redshift-jdbc42 vulnerable to remote command execution
2022-10-12 18:23:36
veracode
veracode
Remote Code Execution (RCE)
2022-09-30 03:42:46
osv
osv
ibm
ibm
nvd
nvd
CVE-2022-41828
2022-09-29 21:15:12
cvelist
cvelist
CVE-2022-41828
2022-09-29 00:00:00
cve
cve
CVE-2022-41828
2022-09-29 21:15:12
prion
prion
Design/Logic Flaw
2022-09-29 21:15:00
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.1
Confidence
High
EPSS
0.002
Percentile
59.6%
Related for OSV:CVE-2022-41828