Vulnerabilities > CVE-2022-41828 - Incorrect Type Conversion or Cast vulnerability in Amazon web Services Redshift Java Database Connectivity Driver

047910
CVSS 8.1 - HIGH
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
high complexity
amazon
CWE-704

Summary

In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name.

Common Weakness Enumeration (CWE)