CVERadar

CVE-2024-1597

Severity: Critical
Vendor: Postgresql
SVRS: 88/100
CVSSv3: 9.8/10
EPSS: 0.00118/1

CVE-2024-1597 is a critical SQL Injection vulnerability in pgjdbc, the PostgreSQL JDBC Driver. This vulnerability allows attackers to inject SQL code if the application is using the non-default PreferQueryMode=SIMPLE. SOCRadar's Vulnerability Risk Score (SVRS) of 88 indicates that this is a critical vulnerability, requiring immediate attention. Attackers can bypass parameterized query protections by crafting specific string payloads with carefully placed numeric and string placeholders on the same line. This injected SQL can then alter the intended query, leading to unauthorized data access or modification.

The vulnerability is present in pgjdbc versions prior to 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28. Given the high CVSS score of 9.8 and the "In The Wild" tag, organizations using affected versions of pgjdbc with PreferQueryMode=SIMPLE enabled are at immediate risk of data breaches and should upgrade immediately. The high SVRS further emphasizes the urgency to patch or mitigate this security risk.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024-02-19

2024-06-10
SOCRadar AI Insight

Description

CVE-2024-1597 is a SQL injection vulnerability in pgjdbc, the PostgreSQL JDBC Driver. This vulnerability allows an attacker to inject SQL if using PreferQueryMode=SIMPLE. The default mode is not vulnerable. By constructing a matching string payload, the attacker can inject SQL to alter the query, bypassing the protections that parameterized queries bring against SQL Injection attacks.

Key Insights

  • The CVSS score of 10 indicates that this vulnerability is critical and requires immediate attention.
  • The SVRS score of 56 indicates that this vulnerability is moderately severe and requires attention within 24-48 hours.
  • This vulnerability is actively exploited by hackers in the wild.

Mitigation Strategies

  • Update to pgjdbc version 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, or 42.2.28.
  • Use parameterized queries to prevent SQL injection attacks.
  • Implement input validation to prevent attackers from submitting malicious input.
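
One way to triage an inventory of services against the two conditions above, the fixed release for each branch and the PreferQueryMode=SIMPLE setting. This is an added example, not code from pgjdbc or SOCRadar; the function names, hostnames and sample values are constructed, and matching the property name and value case-insensitively is an assumption made to keep the audit conservative.

```python
from urllib.parse import parse_qs

# Fixed release for each branch, as listed on this page.
FIXED = {(42, 7): (42, 7, 2), (42, 6): (42, 6, 1), (42, 5): (42, 5, 5),
         (42, 4): (42, 4, 4), (42, 3): (42, 3, 9), (42, 2): (42, 2, 28)}


def parse_version(text):
    """'42.2.27.jre7' -> (42, 2, 27); a non-numeric suffix is ignored."""
    nums = []
    for part in text.strip().split("."):
        if not part.isdigit():
            break
        nums.append(int(part))
    if len(nums) < 2:
        raise ValueError(f"unrecognised pgjdbc version: {text!r}")
    return tuple((nums + [0])[:3])


def is_patched(version):
    v = parse_version(version)
    fixed = FIXED.get(v[:2])
    if fixed is not None:
        return v >= fixed
    # No fix listed for this branch: older branches are "prior to" every
    # fixed release, branches newer than 42.7 postdate the fix.
    return v > max(FIXED.values())


def simple_mode_requested(jdbc_url, props=None):
    """True if the URL or the connection properties ask for simple query mode."""
    _, _, query = jdbc_url.partition("?")
    values = [v for k, vs in parse_qs(query).items()
              if k.lower() == "preferquerymode" for v in vs]
    values += [v for k, v in (props or {}).items()
               if k.lower() == "preferquerymode"]
    return any(v.strip().lower() == "simple" for v in values)


def assess(jdbc_url, version, props=None):
    """Classify one deployment: 'patched', 'exposed' or 'unpatched-default-mode'."""
    if is_patched(version):
        return "patched"
    if simple_mode_requested(jdbc_url, props):
        return "exposed"
    return "unpatched-default-mode"


if __name__ == "__main__":
    # Constructed inventory: (JDBC URL, driver version found on the classpath).
    inventory = [
        ("jdbc:postgresql://db1.example.internal/app?preferQueryMode=simple", "42.7.1"),
        ("jdbc:postgresql://db2.example.internal/app?ssl=true", "42.5.4"),
        ("jdbc:postgresql://db3.example.internal/app?preferQueryMode=simple", "42.2.28.jre7"),
    ]
    for url, version in inventory:
        print(f"{assess(url, version):24} {version:14} {url}")
```

Deployments reported as unpatched-default-mode still need the upgrade; the query mode can also be set in code paths an inventory scan does not see.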

Additional Information

  • The Cybersecurity and Infrastructure Security Agency (CISA) has warned of this vulnerability, calling for immediate and necessary measures.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

News

CVE-2024-1597 | PostgreSQL pgjdbc up to 42.7.1 Simple Query Mode sql injection (GHSA-24rp-q3w6-vc56 / Nessus ID 213039)
vuldb.com, 2024-12-16
A vulnerability was found in PostgreSQL pgjdbc up to 42.7.1. It has been rated as critical. This issue affects some unknown processing of the component Simple Query Mode. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2024-1597. The

Social Media

Actively exploited CVE ID, source in the thread (generated, not vetted) CVE-2024-1597

Affected Software

Configuration 1
Type  Vendor      Product
App   Postgresql  postgresql_jdbc_driver

Configuration 2
Type  Vendor         Product
OS    Fedoraproject  fedora

References

Reference                             Link
F86EF6DC-4D3A-42AD-8F28-E6D5547A5007  https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56
F86EF6DC-4D3A-42AD-8F28-E6D5547A5007  https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/
F86EF6DC-4D3A-42AD-8F28-E6D5547A5007  https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/
F86EF6DC-4D3A-42AD-8F28-E6D5547A5007  https://lists.fedoraproject.org/archives/list/[email protected]/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/
F86EF6DC-4D3A-42AD-8F28-E6D5547A5007  https://security.netapp.com/advisory/ntap-20240419-0008/
F86EF6DC-4D3A-42AD-8F28-E6D5547A5007  http://www.openwall.com/lists/oss-security/2024/04/02/6
F86EF6DC-4D3A-42AD-8F28-E6D5547A5007  https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html

CWE Details

CWE ID: CWE-89
CWE Name: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description: The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
