Databricks JDBC Driver Update Advisory (CVE-2024-49194)

Dec 19 2024

Overview

An update has been released to address vulnerabilities in Databricks JDBC Driver. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-49194

JDBC Driver versions: ~ 2.6.38 (inclusive)

Resolved Vulnerabilities

Vulnerability that could allow remote code execution (RCE) by triggering JNDI injection via JDBC URL parameters (CVE-2024-49194)

Vulnerability Patches

Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-49194

JDBC Driver version: 2.6.40 or later version

Referenced Sites

[1] CVE-2024-49194 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-49194

[2] Security Bulletin: Databricks JDBC Driver Vulnerability Advisory – [CVE-2024-49194]

https://kb.databricks.com/en_US/data-sources/security-bulletin-databricks-jdbc-driver-vulnerability-advisory-cve-2024-49194

Databricks JDBC Driver Update Advisory (CVE-2024-49194)

Apache Tomcat December Vulnerability Security Update Advisory

BeyondTrust Product Security Update Advisory (CVE-2024-12356)

Tags:

Apache Tomcat December Vulnerability Security Update Advisory

BeyondTrust Product Security Update Advisory (CVE-2024-12356)