What is CVE-2024-1597?

CVE-2024-1597 is a critical vulnerability affecting the PostgreSQL JDBC Driver, specifically when using the non-default connection property "preferQueryMode=simple." This vulnerability allows an attacker to inject SQL, potentially leading to sensitive information disclosure, data modification, or even a denial of service. Systems using vulnerable versios of the PostgreSQL JDBC Driver (versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28) with the "preferQueryMode=simple" setting are at risk. It's essential for affected organizations to update their software to mitigate this threat.

Who is impacted?

The CVE-2024-1597 vulnerability affects users of the PostgreSQL JDBC Driver who have enabled the non-default connection property "preferQueryMode=simple." It is important to note that this vulnerability does not impact users in the default mode. Affected versions include those up to 42.2.27, from 42.3.0 to 42.3.8, from 42.4.0 to 42.4.3, from 42.5.0 to 42.5.4, from 42.6.0 to 42.6.0, and from 42.7.0 to 42.7.1. Users of EnterpriseDB pgJDBC and other products that bundle these versions, such as Atlassian Bamboo Data Center and Server, and IBM Maximo Application Suite, are also affected.

What to do if CVE-2024-1597 affected you

If you're affected by the CVE-2024-1597 vulnerability, it's crucial to take action to protect your system. Follow these simple steps:

1. Update your PostgreSQL JDBC Driver to a patched version, as mentioned in the security advisory.

2. Review your application code to ensure it doesn't have vulnerable SQL that negates a parameter value, as suggested by GitHub.

3. Avoid using the connection property "preferQueryMode=simple" to minimize the risk of exploitation.

4. Keep your software up-to-date and apply security patches as needed.

Is it in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2024-1597 vulnerability, also known as "SQL Injection via line comment generation," is not listed in CISA's Known Exploited Vulnerabilities Catalog. This critical vulnerability affects certain PostgreSQL JDBC driver versions and requires users to update their software to patched versions (42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, 42.2.28) and avoid using the connection property "preferQueryMode=simple" to mitigate the risk.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-89, which refers to SQL injection issues in the PostgreSQL JDBC Driver.

Learn More

CVE-2024-1597 is a critical SQL injection vulnerability affecting specific PostgreSQL JDBC Driver configurations. For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.

• oss-security - CVE-2024-1597: PostgreSQL pgjdbc: SQL injection in non-default configuration

• SQL Injection via line comment generation · Advisory · pgjdbc/pgjdbc · GitHub

• CVE-2024-1597 PostgreSQL Vulnerability in NetApp Products | NetApp Product Security