CVE-2024-12744

8.0 HIGH

📋 TL;DR

This SQL injection vulnerability in Amazon Redshift JDBC Driver version 2.1.0.31 allows attackers to execute arbitrary SQL commands through the getSchemas, getTables, or getColumns Metadata APIs. This can lead to privilege escalation and unauthorized database access. Organizations using the vulnerable driver version in their Redshift applications are affected.

💻 Affected Systems

Products:
  • Amazon Redshift JDBC Driver
Versions: Version 2.1.0.31 only
Operating Systems: All platforms where the driver is used
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects applications using the specific vulnerable driver version. Applications must call the vulnerable Metadata APIs to be exploitable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full database compromise including data exfiltration, privilege escalation to admin, and potential lateral movement to other systems.

🟠 Likely Case: Unauthorized data access, privilege escalation within the database, and potential data manipulation.

🟢 If Mitigated: Limited impact due to network segmentation, least privilege database accounts, and proper input validation in the application layer.

🌐 Internet-Facing: MEDIUM - Applications exposing Redshift JDBC connections to untrusted users are at risk, but typically these connections are internal.
🏢 Internal Only: HIGH - Internal applications using the vulnerable driver with database credentials can be exploited by authenticated users or attackers who gain internal access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the ability to call the vulnerable Metadata APIs, which typically requires some level of application access. SQL injection is a well-understood attack vector.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.0.32

Vendor Advisory: https://aws.amazon.com/security/security-bulletins/AWS-2024-015/

Restart Required: Yes

Instructions:

1. Identify all applications using Amazon Redshift JDBC Driver.
2. Check the driver version in each application.
3. Update to version 2.1.0.32 from Maven Central or the AWS download page.
4. Rebuild and redeploy applications.
5. Restart applications to load the new driver.

🔧 Temporary Workarounds

Revert to previous version (platforms: all)

Downgrade to version 2.1.0.30, which is not vulnerable.

Update pom.xml dependency: <version>2.1.0.30</version>
Update build.gradle: implementation 'com.amazon.redshift:redshift-jdbc42:2.1.0.30'

Application-level input validation (platforms: all)

Implement strict input validation and parameterized queries in application code.

🧯 If You Can't Patch

  • Implement network segmentation to restrict database access to trusted applications only
  • Use database accounts with minimal required privileges and audit all database access

🔍 How to Verify

Check if Vulnerable:

Check the JDBC driver version in your application dependencies or classpath. For Maven: mvn dependency:tree | grep redshift-jdbc. For Gradle: gradle dependencies | grep redshift-jdbc.
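The following is an added example, not part of this advisory or of AWS's tooling, that automates the version check above: it scans Maven dependency:tree and Gradle dependencies output for the coordinate com.amazon.redshift:redshift-jdbc42 (from the workaround section), honours Gradle's "declared -> resolved" conflict-resolution arrows so the version that actually lands on the classpath is the one judged, and flags 2.1.0.31. The sample build output embedded in the script is constructed.

```python
import re
from dataclasses import dataclass

# Versions as stated in the advisory: only 2.1.0.31 is affected.
VULNERABLE_VERSIONS = frozenset({"2.1.0.31"})
COORD = "com.amazon.redshift:redshift-jdbc42"

# Maven:  [INFO] +- com.amazon.redshift:redshift-jdbc42:jar:2.1.0.31:compile
# Gradle: +--- com.amazon.redshift:redshift-jdbc42:2.1.0.30 -> 2.1.0.31
# Gradle appends "-> X" when conflict resolution picked a different version
# than the one declared in build.gradle; the resolved one is what ships.
COORD_RE = re.compile(
    re.escape(COORD)
    + r"(?::jar)?:(?P<declared>\d+(?:\.\d+)*)"
    + r"(?:\s*->\s*(?P<resolved>\d+(?:\.\d+)*))?"
)

@dataclass(frozen=True)
class Finding:
    source_line: str
    declared: str
    resolved: str      # version actually on the classpath
    vulnerable: bool

def is_vulnerable(version: str) -> bool:
    return version in VULNERABLE_VERSIONS

def audit_dependency_output(lines):
    """Return one Finding per line that references the Redshift JDBC driver."""
    findings = []
    for line in lines:
        m = COORD_RE.search(line)
        if not m:
            continue
        declared = m.group("declared")
        resolved = m.group("resolved") or declared
        findings.append(Finding(line.strip(), declared, resolved, is_vulnerable(resolved)))
    return findings

# Constructed sample output (not from a real build) mixing both tools.
SAMPLE_OUTPUT = """
[INFO] com.example:reporting:jar:1.4.0
[INFO] +- com.amazon.redshift:redshift-jdbc42:jar:2.1.0.31:compile
[INFO] \\- org.postgresql:postgresql:jar:42.7.3:compile
+--- com.amazon.redshift:redshift-jdbc42:2.1.0.30 -> 2.1.0.31
+--- com.amazon.redshift:redshift-jdbc42:2.1.0.32
""".strip().splitlines()

if __name__ == "__main__":
    for f in audit_dependency_output(SAMPLE_OUTPUT):
        status = "VULNERABLE" if f.vulnerable else "ok"
        print(f"{status:10} declared={f.declared} resolved={f.resolved}  {f.source_line}")
```

Pipe real output into it (`mvn dependency:tree | python3 audit.py` style) by replacing SAMPLE_OUTPUT with sys.stdin; the second sample line shows why grepping build.gradle alone is not enough.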

Check Version:

java -cp redshift-jdbc42-*.jar com.amazon.redshift.Driver --version

Verify Fix Applied:

Verify the driver version is 2.1.0.32 or 2.1.0.30 after update. Test the getSchemas, getTables, and getColumns APIs with SQL injection payloads to confirm they're rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries from application users
  • Multiple failed login attempts followed by successful privileged access
  • Unexpected schema or table enumeration

Network Indicators:

  • Unusual database query patterns from application servers
  • SQL syntax errors in database logs indicating injection attempts

SIEM Query:

source="redshift-logs" AND ("getSchemas" OR "getTables" OR "getColumns") AND (sql="*' OR '1'='1*" OR sql="*;--*" OR sql="*UNION*SELECT*")
