Amazon Athena ODBC Driver Improper Certificate Validation Vulnerability in Identity Provider Connections

Vulnerability

A vulnerability exists in the Amazon Athena ODBC driver, specifically in versions prior to 2.1.0.0, due to improper certificate validation in the identity provider connection components. This flaw could allow a man-in-the-middle attacker to intercept authentication credentials by exploiting insufficient default transport security when connecting to external identity providers. The issue does not affect connections made directly to Athena.

Impact

The vulnerability could lead to interception of authentication credentials, allowing unauthorized access to services or data.

Remediation

Users should upgrade to the Amazon Athena ODBC driver version 2.1.0.0 or later. The updated driver is available for download on the Amazon Athena ODBC 2.x driver release notes page.

Added: Apr 3, 2026, 9:21 PM
Updated: Apr 3, 2026, 9:21 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.0
remediation: 0.0
relevance: 5.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.