Home > Vulnerability Database > CVE-2024-12746

Mend.io Vulnerability Database

CVE-2024-12746

Date: December 24, 2024

A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 (Windows or Linux) allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.6.0 or revert to driver version 2.1.4.0.

Severity Score

8.0

Related Resources (5)

Url: https://aws.amazon.com/security/security-bulletins/AWS-2024-015/

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-12746

Url: https://github.com/aws/amazon-redshift-odbc-driver/security/advisories/GHSA-g63m-5vjv-wr3v

Url: https://github.com/aws/amazon-redshift-odbc-driver/releases/tag/v2.1.6

Url: https://www.mend.io/vulnerability-database/CVE-2024-12746

Severity Score

8.0

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

CVSS v3.1

Base Score:	8.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-12746

Date: December 24, 2024

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?