RCE in N/a

CVE-2024-54660

A JNDI injection issue was discovered in Cloudera JDBC Connector for Hive before 2.6.26 and JDBC Connector for Impala before 2.6.35. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.005 (41.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.7 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N.

Affected products

  • N/a — versions n/a

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2024-54660?
CVE-2024-54660 is a high-severity vulnerability in N/a, classified under Command Injection. CVSS score: 8.7/10. Published 2025-01-16.
How severe is CVE-2024-54660?
High severity. CVSS v3 base score is 8.7 out of 10.