CVE-2022-30240

HIGH

Magnitude Simba Amazon Redshift JDBC Driver <1.2.55 - Command Injec...

Title source: llm

Description

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift JDBC Driver 1.2.40 through 1.2.55 may allow a local user to execute code. NOTE: this is different from CVE-2022-29972.

References (2)

[Vendor Advisory] https://insightsoftware.com/trust/security/advisories/redshift-and-athena-driver-vulnerability/

[Product] https://www.magnitude.com/products/data-connectivity

Scores

CVSS v3 7.8

EPSS 0.0017

EPSS Percentile 38.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-88

Status published

Affected Products (1)

insightsoftware/magnitude_simba_amazon_redshift_jdbc_driver < 1.2.56

Timeline

Published May 09, 2022

Tracked Since Feb 18, 2026