Wiz
Vulnerability DatabaseCVE-2022-30240

CVE-2022-30240
Magnitude Simba Amazon Redshift ODBC Driver vulnerability analysis and mitigation

Overview

An argument injection vulnerability was discovered in the browser-based authentication component of the Magnitude Simba Amazon Redshift JDBC Driver versions 1.2.40 through 1.2.55 that may allow a local user to execute code. This vulnerability is distinct from CVE-2022-29972 (Vendor Advisory).

Technical details

The vulnerability exists in the browser-based authentication component and involves improper validation of authentication tokens which may allow for unintended program invocation. The vulnerability has a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

Impact

If exploited, this vulnerability could allow an authenticated local attacker to execute arbitrary code on the affected system, potentially leading to unauthorized access to sensitive data or system compromise (NVD).

Mitigation and workarounds

Users should upgrade to Magnitude Simba Amazon Redshift JDBC Driver version 1.2.56 or later which contains fixes for this vulnerability. There are no known workarounds for this issue (Vendor Advisory).

Additional resources

SourceThis report was generated using AI

Related Magnitude Simba Amazon Redshift ODBC Driver vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2022-30240HIGH7.8
  • Magnitude Simba Amazon Redshift ODBC DriverMagnitude Simba Amazon Redshift ODBC Driver
  • cpe:2.3:a:insightsoftware:magnitude_simba_amazon_redshift_odbc_driver
NoYesMay 09, 2022
CVE-2022-29972HIGH7.8
  • Magnitude Simba Amazon Redshift ODBC DriverMagnitude Simba Amazon Redshift ODBC Driver
  • cpe:2.3:a:insightsoftware:magnitude_simba_amazon_redshift_odbc_driver
NoYesMay 09, 2022

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo