Security Announcement on CVE-2024-1597
We will update this announcement with new details as they emerge from our analysis. Please check back periodically.
Last update: 07 August 2024, 9:50 AM CET
CVE-2024-1597 is a critical vulnerability, rated 9.8. It affects pgjdbc, the PostgreSQL JDBC Driver, which allows attackers to inject SQL when PreferQueryMode=SIMPLE is used. PreferQueryMode=SIMPLE is not the default mode; in the default mode there is no vulnerability.
The PostgreSQL JDBC Driver is used as a third-party component in our products. The integration only uses the default mode. This means that there is no security vulnerability if the default mode has not been administratively changed by the customer.
The update of the PostgreSQL JDBC Driver will take place during our standard security patch cycles with normal priority.
Further official information on this can be found at the National Institute of Standards and Technology.
The PostgreSQL JDBC Driver is used by enaio® coLab, yuuvis® RAD and yuuvis® Momentum.
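To confirm that the default mode has not been changed, the JDBC connection URLs in use can be checked for the pgjdbc `preferQueryMode` parameter. The script below is an added example, not code from the vendor or from pgjdbc. It assumes you have already collected the URLs yourself, inspects only the URL query string (the mode can also be set through connection properties outside the URL), and uses constructed sample URLs.

```python
from urllib.parse import parse_qsl

PREFIX = "jdbc:postgresql:"


def query_mode_values(jdbc_url):
    """Return every preferQueryMode value set in a pgjdbc connection URL."""
    if not jdbc_url.lower().startswith(PREFIX):
        raise ValueError(f"not a PostgreSQL JDBC URL: {jdbc_url!r}")
    _, _, query = jdbc_url.partition("?")
    # parse_qsl also percent-decodes, so an encoded value is still recognised
    return [value for name, value in parse_qsl(query, keep_blank_values=True)
            if name.lower() == "preferquerymode"]


def uses_simple_mode(jdbc_url):
    """True if any occurrence of the parameter selects simple mode.

    Assumption: names and values are compared case-insensitively so that an
    unusual spelling gets reviewed rather than silently passed.
    """
    return any(v.strip().lower() == "simple" for v in query_mode_values(jdbc_url))


def audit(urls):
    """Return the URLs that need review because they select simple mode."""
    return [u for u in urls if uses_simple_mode(u)]


# Constructed sample URLs; host and database names are placeholders.
SAMPLE_URLS = [
    "jdbc:postgresql://db.example.internal:5432/app",
    "jdbc:postgresql://db.example.internal:5432/app?ssl=true&preferQueryMode=extended",
    "jdbc:postgresql://db.example.internal:5432/app?preferQueryMode=simple",
    "jdbc:postgresql://db.example.internal/app?ssl=true&PreferQueryMode=SIMPLE",
    "jdbc:postgresql://db.example.internal/app?preferQueryMode=s%69mple",
]

if __name__ == "__main__":
    for url in audit(SAMPLE_URLS):
        print("REVIEW:", url)
```

A URL with no `preferQueryMode` parameter is not flagged, which matches the default-mode case described above.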