CVE-2024-12745: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Amazon Redshift Python Connector
A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the get_schemas, get_tables, or get_columns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver version 2.1.3.
AI Analysis
Technical Summary
CVE-2024-12745 is a SQL injection vulnerability classified under CWE-89, found in Amazon Redshift Python Connector version 2.1.4. The flaw exists due to improper neutralization of special elements used in SQL commands within the Metadata APIs: get_schemas, get_tables, and get_columns. These APIs are designed to retrieve metadata about database schemas, tables, and columns, but the vulnerability allows an attacker to inject malicious SQL code through these interfaces. Exploiting this vulnerability enables an attacker to escalate privileges beyond their intended access level, potentially gaining unauthorized access to sensitive data or executing arbitrary SQL commands. The vulnerability does not require prior authentication but does require user interaction to invoke the vulnerable APIs. The CVSS 4.0 base score is 8.6, indicating high severity with network attack vector, low attack complexity, no privileges required, and user interaction needed. The impact on confidentiality, integrity, and availability is high, as attackers can manipulate or exfiltrate data and disrupt operations. Amazon has addressed this issue in version 2.1.5 of the connector and recommends upgrading or reverting to version 2.1.3 to avoid the vulnerability. No known exploits are currently reported in the wild, but the risk remains significant due to the nature of the flaw and the widespread use of Redshift in cloud data analytics.
Potential Impact
For European organizations, this vulnerability poses a significant risk to data security and operational integrity, especially for those relying on Amazon Redshift for data warehousing and analytics. Exploitation could lead to unauthorized data access, data corruption, or denial of service, impacting compliance with GDPR and other data protection regulations. Sectors such as finance, healthcare, telecommunications, and critical infrastructure, which often handle sensitive or regulated data, are particularly vulnerable. The ability to escalate privileges without authentication increases the threat level, potentially allowing insider threats or compromised user accounts to cause extensive damage. Additionally, disruption of data analytics workflows could affect business continuity and decision-making processes. The vulnerability's presence in a widely used cloud connector amplifies the risk across multinational corporations and cloud service providers operating within Europe.
Mitigation Recommendations
Organizations should immediately upgrade the Amazon Redshift Python Connector to version 2.1.5, which contains the fix for this vulnerability. If upgrading is not immediately feasible, reverting to version 2.1.3 is a temporary mitigation. Beyond patching, organizations should implement strict access controls and monitoring on Redshift environments, including limiting use of the vulnerable Metadata APIs to trusted users only. Employing Web Application Firewalls (WAFs) or database activity monitoring tools to detect anomalous SQL queries can help identify exploitation attempts. Regularly auditing database permissions and reviewing logs for suspicious activity is critical. Additionally, organizations should enforce the principle of least privilege for users interacting with Redshift and consider network segmentation to isolate critical data environments. Training developers and administrators on secure coding and query parameterization can prevent similar injection flaws in custom integrations.
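An added example, not from the advisory or the connector project: a standard-library check that reports which lines of a requirements file can still resolve to the affected 2.1.4 release, so that pins and ranges can be moved to 2.1.5 or back to 2.1.3. It assumes the PyPI project name `redshift_connector` and handles only numeric PEP 440 clauses; the sample file is constructed.

```python
import re

PACKAGE = "redshift-connector"   # PyPI project name after PEP 503 normalisation
VULNERABLE = (2, 1, 4)           # the one affected release named in the advisory

_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#]*)")
_CLAUSE = re.compile(r"(~=|==|!=|<=|>=|<|>)\s*(\d+(?:\.\d+)*)(\.\*)?")

def _clause_allows(op, ver, wildcard):
    """True if a single specifier clause is satisfied by the vulnerable release."""
    if wildcard:                                  # only == and != take ".*"
        same_prefix = VULNERABLE[:len(ver)] == ver
        return same_prefix if op == "==" else not same_prefix
    width = max(len(ver), len(VULNERABLE))        # zero-pad so 2.1 compares as 2.1.0
    bad = VULNERABLE + (0,) * (width - len(VULNERABLE))
    v = ver + (0,) * (width - len(ver))
    if op == "~=":                                # compatible release: >= v, same prefix
        return bad[:len(ver) - 1] == ver[:-1] and bad >= v
    return {"==": bad == v, "!=": bad != v, "<": bad < v,
            "<=": bad <= v, ">": bad > v, ">=": bad >= v}[op]

def allows_vulnerable(line):
    """None if the line is not about the connector, else whether 2.1.4 satisfies it."""
    m = _REQ.match(line)
    if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != PACKAGE:
        return None
    clauses = _CLAUSE.findall(m.group(2))
    # No clauses means an unpinned requirement, which 2.1.4 also satisfies.
    return all(_clause_allows(op, tuple(map(int, v.split("."))), bool(w))
               for op, v, w in clauses)

def audit(requirements_text):
    """Return (line_number, line) for every requirement that still admits 2.1.4."""
    return [(n, raw.strip()) for n, raw in enumerate(requirements_text.splitlines(), 1)
            if allows_vulnerable(raw)]

# Constructed sample input, not taken from any real project.
SAMPLE = """\
# constructed requirements file
boto3>=1.34
redshift_connector==2.1.4
redshift-connector==2.1.5
Redshift.Connector>=2.1.0,<2.2
redshift_connector>=2.1,!=2.1.4
redshift_connector~=2.1.0
redshift_connector==2.1.3
"""

if __name__ == "__main__":
    for lineno, req in audit(SAMPLE):
        print(f"line {lineno}: {req} can resolve to 2.1.4")
```

A flagged range is not proof that 2.1.4 is installed; compare it against the lock file or the environment's installed version before changing the pin.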
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: AMZN
- Date Reserved: 2024-12-18T01:02:13.095Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68ee9ff531414aa8fc5df08e
Added to database: 10/14/2025, 7:09:41 PM
Last enriched: 10/14/2025, 7:19:51 PM
Last updated: 10/14/2025, 7:36:34 PM