CVE-2026-35560 in Athena ODBC Driver
Sumário (Inglês)
Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. This only applies to connections with external identity providers and does not apply to connections with Athena.
To remediate this issue, users should upgrade to version 2.1.0.0.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Responsável
AMZN
Reservar
03/04/2026
Divulgação
04/04/2026
Estado
Confirmado
Inscrições
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidade | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 355188 | Amazon Athena ODBC Driver Autenticação fraca | 295 | Não definido | Correção oficial | CVE-2026-35560 |
Descrição
CPE
CWE
CVSS
Explorações
História
Diferença
Relacionar
Inteligência de ameaças
API JSON
API XML
API CSV