CVE-2024-45199

Summary

CVE-2024-45199 is a newly disclosed vulnerability affecting insightsoftware Hive JDBC versions up to 2.6.13. This issue allows remote code execution, enabling attackers to inject malicious parameters into the JDBC URL. During the process of connecting to the database using the JDBC Driver, JNDI injection occurs, providing an attacker with the ability to execute arbitrary code. This vulnerability poses a significant risk, as it can be exploited over the network without requiring authentication. It is important for organizations using the affected version of insightsoftware Hive JDBC to apply the necessary patches as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.