1. Home
  2. CVE Database
  3. CVE-2024-12744
HIGH · 8.0

CVE-2024-12744

A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the drive...

Vulnerability Description

A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30.

CVSS Score

8.0

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
AmazonAmazon Web Services Redshift Java Database Connectivity Driver2.1.0.31

Related Weaknesses (CWE)

CWE-89

References

FAQ

What is CVE-2024-12744?

CVE-2024-12744 is a vulnerability with a CVSS score of 8.0 (HIGH). A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the drive...

How severe is CVE-2024-12744?

CVE-2024-12744 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-12744?

Check the references section above for vendor advisories and patch information. Affected products include: Amazon Amazon Web Services Redshift Java Database Connectivity Driver.