CVE-2024-55551

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-471
View all →

Vulnerability Description

An issue was discovered in Exasol JDBC driver before 24.2.1 (2024-12-10). Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution.

Related Vulnerabilities

CVE-2020-8268

HIGH
CVSS:7.5(High)

Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor.

CWE-4712020

CVE-2020-8116

HIGH
CVSS:7.3(High)

Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as o...

CWE-4712020

CVE-2023-2904

HIGH
CVSS:7.3(High)

The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface (API). An attacker could log ...

CWE-4712023

CVE-2024-9876

HIGH
CVSS:7.3(High)

: Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4.

CWE-4712024

CVE-2022-21824

HIGH
CVSS:8.2(High)

Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with...

CWE-4712022

CVE-2022-2390

HIGH
CVSS:8.4(High)

Apps developed with Google Play Services SDK incorrectly had the mutability flag set to PendingIntents that were passed to the Notification service. As Google Play services SDK is so widely used, this...

CWE-4712022