CVE-2022-30239

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena JDBC Driver 2.0.25 through 2.0.28 may allow a local user to execute code. NOTE: this is different from CVE-2022-29971.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://insightsoftware.com/trust/security/advisories/redshift-and-athena-driver-vulnerability/	Vendor Advisory
https://insightsoftware.com/trust/security/advisories/redshift-and-athena-driver-vulnerability/	Vendor Advisory
https://www.magnitude.com/products/data-connectivity	Product
https://insightsoftware.com/trust/security/advisories/redshift-and-athena-driver-vulnerability/	Vendor Advisory
https://insightsoftware.com/trust/security/advisories/redshift-and-athena-driver-vulnerability/	Vendor Advisory
https://www.magnitude.com/products/data-connectivity	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:insightsoftware:magnitude_simba_amazon_athena_jdbc_driver:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:02

Type	Values Removed	Values Added
References	~~() https://insightsoftware.com/trust/security/advisories/redshift-and-athena-driver-vulnerability/ - Vendor Advisory~~	() https://insightsoftware.com/trust/security/advisories/redshift-and-athena-driver-vulnerability/ - Vendor Advisory
References	~~() https://www.magnitude.com/products/data-connectivity - Product~~	() https://www.magnitude.com/products/data-connectivity - Product

Information

Published : 2022-05-09 18:15

Updated : 2024-11-21 07:02

NVD link : CVE-2022-30239

Mitre link : CVE-2022-30239

CVE.ORG link : CVE-2022-30239

JSON object : View

Products Affected

insightsoftware

magnitude_simba_amazon_athena_jdbc_driver

CWE

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

{"id": "CVE-2022-30239", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-05-09T18:15:08.783", "references": [{"url": "https://insightsoftware.com/trust/security/advisories/redshift-and-athena-driver-vulnerability/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://insightsoftware.com/trust/security/advisories/redshift-and-athena-driver-vulnerability/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.magnitude.com/products/data-connectivity", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://insightsoftware.com/trust/security/advisories/redshift-and-athena-driver-vulnerability/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://insightsoftware.com/trust/security/advisories/redshift-and-athena-driver-vulnerability/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.magnitude.com/products/data-connectivity", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-88"}]}], "descriptions": [{"lang": "en", "value": "An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena JDBC Driver 2.0.25 through 2.0.28 may allow a local user to execute code. NOTE: this is different from CVE-2022-29971."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de argumentos en el componente de autenticaci\u00f3n basado en el navegador del controlador JDBC de Magnitude Simba Amazon Athena versiones 2.0.25 hasta 2.0.28 puede permitir que un usuario local ejecute c\u00f3digo. NOTA: esto es diferente de CVE-2022-29971"}], "lastModified": "2024-11-21T07:02:26.023", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:insightsoftware:magnitude_simba_amazon_athena_jdbc_driver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B07CEFD1-B8EF-4C8D-AA31-A17C7CF5374F", "versionEndExcluding": "2.0.29", "versionStartIncluding": "2.0.25"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}