Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88)
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver (1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52) may allow a local user to execute arbitrary code.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Feedly found the first article mentioning CVE-2022-29972.
The CVE-2022-29972 vulnerability in the Magnitude Simba Redshift ODBC connector poses a critical risk as it allows for remote code execution through shell injection. This vulnerability has not been reported as being exploited in the wild yet, but proof-of-concept exploits may exist. It is recommended to apply any available patches or mitigations to prevent potential attacks and to assess any downstream impacts on third-party vendors using this connector.
EPSS Score was set to: 0.05% (Percentile: 12.4%)