Back to CVE List

CVE-2026-35560

HIGH SEVERITY

CVSS Score & Metrics

Base Score
7.4 / 10
Vector String
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Vulnerability Description

Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. This only applies to connections with external identity providers and does not apply to connections with Athena.

To remediate this issue, users should upgrade to version 2.1.0.0.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-295
Source
NVD
Vendor
Amazon
Product
Amazon Athena ODBC driver

External References

Discussion (0)

Add Comment

No comments yet. Be the first!