Main Vulnerability Database SB2022050918

SB2022050918 - Remote code execution in Microsoft Integration Runtime (Magnitude Simba Amazon Redshift ODBC Driver)

Published: May 9, 2022

Security Bulletin ID SB2022050918

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Code Injection (CVE-ID: CVE-2022-29972)

The vulnerability allows a local user to escalate privileges within the application.

The vulnerability exists due to argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver and involves improper validation of authentication tokens. A local user can escalate privileges within the affected application.

Remediation

Install update from vendor's website.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29972
https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV220001