216.73.217.86

CVE-2024-55551

· Published 19/03/2025 14:15 · Modified 19/03/2025 19:15

Labels: CVE-2024-55551 2025-03-19CVE-2024-55551CWE-94[email protected]

Essential information

Published
19/03/2025 14:15
Modified
19/03/2025 19:15
Author
Creator
CVSS
7.5 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

An issue was discovered in Exasol jdbc driver 24.2.0. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution vulnerability.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
exasol / jdbc driver cpe:2.3:a:exasol:jdbc_driver:24.2.0:*:*:*:*:*:*:*

References