CVE-2024-54660

CVSS v3 Score
8.7
High

Vulnerability Description

A JNDI injection issue was discovered in Cloudera JDBC Connector for Hive before 2.6.26 and JDBC Connector for Impala before 2.6.35. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection when the JDBC driver uses that URL to connect to the database; this could lead to remote code execution. The injection is possible via the JDBC connection property krbJAASFile, which configures the Java Authentication and Authorization Service (JAAS). Using untrusted values for krbJAASFile and/or the remote host can trigger JNDI injection through the krbJAASFile property in the JDBC URL.

CVSS: 8.7 (High)

CF UAA versions prior to 74.1.0 allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query, which leaks information th...

CWE-77 (2019)

CVSS: 8.7 (High)

CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any s...

CWE-77 (2019)

CVSS: 8.7 (High)

In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl RE...

CWE-77 (2022)

CVSS: 8.7 (High)

When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security...

CWE-77 (2025)

CVSS: 8.7 (High)

When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with administrat...

CWE-77 (2025)

CVSS: 8.6 (High)

A command injection vulnerability exists in the deploy+test-visual.yml workflow of the gradio-app/gradio repository, due to improper neutralization of special elements used in a command. This vulnerab...

CWE-77 (2024)