Magnitude Simba Redshift and Athena Driver Vulnerability
Description
A vulnerability has been discovered that affects the Amazon Redshift ODBC and JDBC drivers and Amazon Athena ODBC and JDBC drivers. These drivers are developed and maintained by Magnitude Simba. Magnitude is an insightsoftware company. The vulnerability involves improper validation of authentication tokens which may allow for unintended program invocation. To exploit this vulnerability, the attacker must be locally authenticated as a user on the system. We have identified and resolved the root cause of the vulnerability.
Resolution
To remediate the vulnerability, update to the fixed version indicated in the response matrix below. Magnitude Simba customers can download fixed versions from the Magnitude Support Portal.
Updated drivers have been provided to downstream vendors who package and deliver them to their customers. If you obtained the driver from another authorized source, then please download the update there.
Response Matrix
Product | Vulnerable Version | CVE Identifier | Fixed Version | Workaround |
---|---|---|---|---|
Magnitude Simba Amazon Redshift ODBC Driver | 1.4.11 – 1.4.21.1001, 1.4.22 – 1.4.51 | CVE-2022-29972 | 1.4.52 | None |
Magnitude Simba Amazon Athena ODBC Driver | 1.1.1 – 1.1.16 | CVE-2022-29971 | 1.1.17 | None |
Magnitude Simba Amazon Redshift JDBC Driver | 1.2.40 – 1.2.55 | CVE-2022-30240 | 1.2.56 | None |
Magnitude Simba Amazon Athena JDBC Driver | 2.0.25 – 2.0.28 | CVE-2022-30239 | 2.0.29 | None |