Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2024-54660 | First vendor Publication | 2025-01-16 |
| Vendor | Cve | Last vendor Modification | 2025-02-03 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : | |||
|---|---|---|---|
| Cvss Base Score | N/A | Attack Range | N/A |
| Cvss Impact Score | N/A | Attack Complexity | N/A |
| Cvss Expoit Score | N/A | Authentication | N/A |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A JNDI injection issue was discovered in Cloudera JDBC Connector for Hive before 2.6.26 and JDBC Connector for Impala before 2.6.35. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This could lead to remote code execution. JNDI injection is possible via the JDBC connection property krbJAASFile for the Java Authentication and Authorization Service (JAAS). Using untrusted parameters in the krbJAASFile and/or remote host can trigger JNDI injection in the JDBC URL through the krbJAASFile. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54660 |
Sources (Detail)
| Source | Url |
|---|
Alert History
| Date | Informations |
|---|---|
| 2025-02-04 00:20:41 |
|
| 2025-01-17 00:20:30 |
|
