CVE-2024-49194

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Dec 17, 2024
Updated: Dec 18, 2024
CWE ID 77

Summary

CVE-2024-49194 is a remote code execution (RCE) vulnerability affecting the Databricks JDBC Driver before version 2.6.40. This issue arises due to the driver's mishandling of the krbJAASFile parameter in JDBC URLs. An attacker could exploit this vulnerability by crafting a connection URL containing a malicious JNDI injection, which may result in RCE in the context of the driver. This flaw poses a significant risk, as it allows an attacker to execute arbitrary code on affected systems.
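A defensive pre-connection check for the two conditions named above, a driver older than 2.6.40 and a connection URL that sets krbJAASFile. This is an added example, not code from the advisory or from Databricks. The function names are hypothetical, the sample URLs are constructed, and the semicolon-separated `key=value` URL layout and case-insensitive property matching are assumptions.

```python
import re
from urllib.parse import unquote

FIXED_VERSION = (2, 6, 40)       # first release outside the affected range
RISKY_PROPERTY = "krbjaasfile"   # property named in the advisory, lower-cased

# Constructed sample URLs (hosts, paths and values are placeholders).
CLEAN_URL = "jdbc:databricks://dbc.example.com:443;httpPath=/sql/1.0/x;AuthMech=3"
FLAGGED_URL = "jdbc:databricks://dbc.example.com:443;AuthMech=1;KrbJAASFile=PLACEHOLDER"
ENCODED_URL = "jdbc:databricks://dbc.example.com:443%3BkrbJAASFile=PLACEHOLDER"

def driver_is_vulnerable(version: str) -> bool:
    """True when a dotted driver version is older than 2.6.40."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    parts += (0,) * (3 - len(parts))   # "2.7" -> (2, 7, 0); no digits -> (0, 0, 0)
    return parts < FIXED_VERSION

def jdbc_properties(url: str) -> dict:
    """Return lower-cased property names and their values from a JDBC URL.

    Assumption: properties follow the host part as ;key=value pairs.
    '?' and '&' are also treated as separators, and the URL is
    percent-decoded first, so the check errs on the side of flagging.
    """
    props = {}
    for chunk in re.split(r"[;?&]", unquote(url))[1:]:
        key, sep, value = chunk.partition("=")
        if sep:
            props[key.strip().lower()] = value.strip()
    return props

def audit(url: str, driver_version: str) -> list:
    """List the reasons a connection should be refused (empty list = none)."""
    findings = []
    if driver_is_vulnerable(driver_version):
        findings.append("driver older than 2.6.40")
    if RISKY_PROPERTY in jdbc_properties(url):
        findings.append("URL sets krbJAASFile")
    return findings

if __name__ == "__main__":
    for url in (CLEAN_URL, FLAGGED_URL, ENCODED_URL):
        print(audit(url, "2.6.38"), url)
```

Run it against connection URLs that originate outside the application's own configuration, such as user-supplied data source definitions, before they reach the driver.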
