What is the severity of CVE-2023-30535?

CVE-2023-30535 is considered a critical vulnerability due to its potential to allow remote attackers to execute arbitrary commands.

How do I fix CVE-2023-30535?

To fix CVE-2023-30535, update the Snowflake JDBC driver to version 3.13.29 or later.

Who is affected by CVE-2023-30535?

CVE-2023-30535 affects users of the Snowflake JDBC driver and certain IBM Cloud Pak for Data products.

What type of vulnerability is CVE-2023-30535?

CVE-2023-30535 is a command injection vulnerability that can be exploited through SSO URL authentication.

Can CVE-2023-30535 be exploited remotely?

Yes, CVE-2023-30535 can be exploited remotely by authenticating users who connect to a malicious server.

Vulnerability/
CVE-2023-30535

high

8.8

CWE

77 20

14/4/2023

20/2/2025

CVE-2023-30535: Snowflake JDBC vulnerable to command injection via SSO URL authentication

First published: Fri Apr 14 2023(Updated: )

Snowflake Computing Snowflake JDBC could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection flaw in the SSO URL authentication. By persuading a victim to connect to a specially crafted server, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Snowflake Snowflake Jdbc	<3.13.29
IBM Data Virtualization on Cloud Pak for Data	<=3.0
IBM Watson Query with Cloud Pak for Data as a Service	<=2.2
IBM Watson Query with Cloud Pak for Data as a Service	<=2.1
IBM Watson Query with Cloud Pak for Data as a Service	<=2.0
IBM Data Virtualization on Cloud Pak for Data	<=1.8
IBM Data Virtualization on Cloud Pak for Data	<=1.7

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7183851

Frequently Asked Questions

What is the severity of CVE-2023-30535?
CVE-2023-30535 is considered a critical vulnerability due to its potential to allow remote attackers to execute arbitrary commands.
How do I fix CVE-2023-30535?
To fix CVE-2023-30535, update the Snowflake JDBC driver to version 3.13.29 or later.
Who is affected by CVE-2023-30535?
CVE-2023-30535 affects users of the Snowflake JDBC driver and certain IBM Cloud Pak for Data products.
What type of vulnerability is CVE-2023-30535?
CVE-2023-30535 is a command injection vulnerability that can be exploited through SSO URL authentication.
Can CVE-2023-30535 be exploited remotely?
Yes, CVE-2023-30535 can be exploited remotely by authenticating users who connect to a malicious server.

collector/nvd-index
agent/weakness
agent/type
agent/author
agent/title
agent/severity
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/references
agent/last-modified-date
agent/source
agent/description
agent/event
agent/softwarecombine
agent/tags
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/snowflake
canonical/snowflake snowflake jdbc
vendor/ibm
canonical/ibm data virtualization on cloud pak for data
version/ibm data virtualization on cloud pak for data/3.0
canonical/ibm watson query with cloud pak for data as a service
version/ibm watson query with cloud pak for data as a service/2.2
version/ibm watson query with cloud pak for data as a service/2.1
version/ibm watson query with cloud pak for data as a service/2.0
version/ibm data virtualization on cloud pak for data/1.8
version/ibm data virtualization on cloud pak for data/1.7