Security Announcement on CVE-2024-1597

We will update this announcement with new details as they emerge from our analysis. Please check back periodically.

Last update: 07 August 2024, 9:50 AM CET

CVE-2024-1597 is a critical vulnerability, rated 9.8. It affects pgjdbc, the PostgreSQL JDBC Driver. pgjdbc allows attackers to inject SQL if using PreferQueryMode=SIMPLE. PreferQueryMode=SIMPLE is not the default mode. In the default mode there is no vulnerability.

The PostgreSQL JDBC Driver is used as a 3rd party component in our products. The integration only uses the default mode. This means that there is no security vulnerability if the default mode has not been administratively changed by the customer.

The update of the PostgreSQL JDBC Driver will take place during our standard security patch cycles with normal priority.

Further official information on this can be found at the National Institute of Standards and Technology.

The PostgreSQL JDBC Driver is used by enaio® coLab, yuuvis® RAD and yuuvis® Momentum.

Navigation

Navigate through the help pages using the table of contents on the left. If it is not displayed when the window width is small, you can temporarily show it via the hamburger menu on the right.

Use the arrows on the toolbar to navigate to the next/previous page.

You can show hidden areas. Use the toolbar to show all hidden areas at once:

Clicking the product icon in the header returns you to the beginning of the current area. Use the toolbar to access the initial page: