CVE-2022-29971

HIGH

Magnitude Simba Amazon Athena ODBC Driver <1.1.17 - Command Injection

Title source: llm

Description

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena ODBC Driver 1.1.1 through 1.1.x before 1.1.17 may allow a local user to execute arbitrary code.

References (2)

[Vendor Advisory] https://insightsoftware.com/trust/security/advisories/redshift-and-athena-driver-vulnerability/

[Product] https://www.magnitude.com/products/data-connectivity

Scores

CVSS v3 7.8

EPSS 0.0023

EPSS Percentile 45.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-88

Status published

Affected Products (1)

insightsoftware/magnitude_simba_amazon_athena_odbc_driver < 1.1.17

Timeline

Published May 09, 2022

Tracked Since Feb 18, 2026