CVE-2022-30239

HIGH

Magnitude Simba Amazon Athena JDBC Driver <2.0.29 - Command Injection

Title source: llm

Description

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena JDBC Driver 2.0.25 through 2.0.28 may allow a local user to execute code. NOTE: this is different from CVE-2022-29971.

References (2)

[Vendor Advisory] https://insightsoftware.com/trust/security/advisories/redshift-and-athena-driver-vulnerability/

[Product] https://www.magnitude.com/products/data-connectivity

Scores

CVSS v3 7.8

EPSS 0.0017

EPSS Percentile 38.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-88

Status published

Affected Products (1)

insightsoftware/magnitude_simba_amazon_athena_jdbc_driver < 2.0.29

Timeline

Published May 09, 2022

Tracked Since Feb 18, 2026