CVE-2024-45198

HIGH

insightsoftware Spark JDBC 2.6.21 - RCE

Title source: llm

Description

insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution.

References (1)

Core 1

Core References

Various Sources

https://gist.github.com/azraelxuemo/ef11311ae0633cbd3d794f73c64e3877

Scores

CVSS v3 8.8

EPSS 0.0053

EPSS Percentile 40.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-94

Status published

Published Apr 03, 2025

Tracked Since Feb 18, 2026