CVE-2022-29972

HIGH

Magnitude Simba Amazon Redshift ODBC Driver <1.4.52 - Command Injec...

Title source: llm

Description

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver (1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52) may allow a local user to execute arbitrary code.

References (2)

[Vendor Advisory] https://insightsoftware.com/trust/security/advisories/redshift-and-athena-driver-vulnerability/

[Product] https://www.magnitude.com/products/data-connectivity

Scores

CVSS v3 7.8

EPSS 0.0057

EPSS Percentile 68.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-88

Status published

Affected Products (1)

insightsoftware/magnitude_simba_amazon_redshift_odbc_driver < 1.4.21.1001

Timeline

Published May 09, 2022

Tracked Since Feb 18, 2026