CVE-2024-12746 HIGH

CVE-2024-12746: SQL Injection in the Amazon Redshift ODBC Driver affecting v2.1.5.0

Vendor Amazon
Product Amazon Redshift ODBC Driver
Weakness CWE-89 · SQLi
Published December 24, 2024
Last update October 14, 2025

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 (Windows or Linux) allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.6.0 or revert to driver version 2.1.4.0.

Key dates

02Disclosure timeline

December 24, 2024 CVE published
October 14, 2025 Record updated