Lucene search
HistorySep 29, 2022 - 9:15 p.m.
CVE-2022-41828
amazon
redshift
jdbc driver
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
59.6%
In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name.
Affected configurations
Node
amazonamazon_web_services_redshift_java_database_connectivity_driverRange<2.1.0.8
Related
github
github
com.amazon.redshift:redshift-jdbc42 vulnerable to remote command execution
2022-10-12 18:23:36
ibm
ibm
osv
osv
com.amazon.redshift:redshift-jdbc42 vulnerable to remote command execution
2022-10-12 18:23:36
AWS Redshift JDBC Driver fails to validate class type during object instantiation
2022-09-30 00:00:20
CVE-2022-41828
2022-09-29 21:15:12
veracode
veracode
Remote Code Execution (RCE)
2022-09-30 03:42:46
cve
cve
CVE-2022-41828
2022-09-29 21:15:12
cvelist
cvelist
CVE-2022-41828
2022-09-29 00:00:00
prion
prion
Design/Logic Flaw
2022-09-29 21:15:00
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
59.6%
Related for NVD:CVE-2022-41828