CVE-2024-45199

HIGH

insightsoftware Hive JDBC <2.6.13 - RCE

Title source: llm

Description

insightsoftware Hive JDBC through 2.6.13 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution.

References (1)

Core 1

Core References

Various Sources

https://gist.github.com/azraelxuemo/d019ad079d540ef28870dbd9552a7c62

Scores

CVSS v3 8.8

EPSS 0.0053

EPSS Percentile 40.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-94

Status published

Published Apr 03, 2025

Tracked Since Feb 18, 2026