Sql Injection

🗓️ 20 Feb 2024 07:34:50Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 238 Views

PostgreSQL vulnerability to SQL Injection, caused by unescaped user-provided parameters in query

Reporter	Title	Published	Views	Family All 171
IBM Security Bulletins	Security Bulletin: An IBM QRadar SIEM JDBC protocol is vulnerable to SQL injection (CVE-2024-1597)	15 May 202408:37	–	ibm
IBM Security Bulletins	Security Bulletin: Due to use of Postgresql JDBC, IBM Instana Observability is vulnerable to SQL injection.	17 Apr 202413:11	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in postgresql-42.3.2.jar	30 Apr 202417:34	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to SQL injection in PostgreSQL JDBC Driver [CVE-2024-1597]	25 Apr 202417:46	–	ibm
IBM Security Bulletins	Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities	10 Apr 202409:27	–	ibm
IBM Security Bulletins	Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in postgresql-42.5.1.jar	8 Jul 202506:25	–	ibm
IBM Security Bulletins	Security Bulletin: InfoSphere Data Replication is affected by postgresql vulnerbility	10 Mar 202520:12	–	ibm
IBM Security Bulletins	Security Bulletin: Netcool Operations Insights 1.6.12 addresses multiple security vulnerabilities.	2 Apr 202411:06	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics Certified Containers is affected by security vulnerabilities	7 Nov 202519:31	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Disconnected Log Collector includes components with known vulnerabilities	11 Apr 202421:04	–	ibm

Vulners

Node

java-postgresql-jdbc java-postgresql-jdbcMatch42.6.0-r1java

AND

alpinelinux alpine_linuxMatch3.19

java-postgresql-jdbc java-postgresql-jdbcMatch42.6.0-r0java

AND

java-postgresql-jdbc java-postgresql-jdbcMatch42.5.0-r0java

AND

java-postgresql-jdbc java-postgresql-jdbcMatch42.2.25-r0java

AND

java-postgresql-jdbc java-postgresql-jdbcMatch42.4.2-r0java

AND

java-postgresql-jdbc java-postgresql-jdbcMatch42.6.0-r1java

AND

java-postgresql-jdbc java-postgresql-jdbcMatch42.2.10-r1java

AND

java-postgresql-jdbc java-postgresql-jdbcMatch42.5.4-r1java

AND

java-postgresql-jdbc java-postgresql-jdbcMatch42.3.3-r0java

AND

java-postgresql-jdbc java-postgresql-jdbcMatch42.3.5-r0java

AND

java-postgresql-jdbc java-postgresql-jdbcMatch42.5.4-r0java

AND

java-postgresql-jdbc java-postgresql-jdbcMatch42.2.10-r0java

AND

java-postgresql-jdbc java-postgresql-jdbcMatch42.5.1-r0java

AND

alpinelinux alpine_linuxMatchedge

postgresql postgresqlRange42.7.0–42.7.1java

postgresql postgresqlMatch42.6.0java

postgresql postgresqlRange42.5.0–42.5.4java

postgresql postgresqlRange42.4.0–42.4.3java

postgresql postgresqlRange42.3.0–42.3.8java

postgresql postgresqlRange9.2-1002-jdbc4–42.2.27java

Source	Link
github	www.github.com/advisories/GHSA-xfg6-62px-cxc2
github	www.github.com/pgjdbc/pgjdbc/commit/06abfb78a627277a580d4df825f210e96a4e14ee
github	www.github.com/advisories/GHSA-24rp-q3w6-vc56
github	www.github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56
lists	www.lists.debian.org/debian-lts-announce/2024/05/msg00007.html
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/
security	www.security.netapp.com/advisory/ntap-20240419-0008/
enterprisedb	www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/
enterprisedb	www.enterprisedb.com/docs/security/assessments/cve-2024-1597/
openwall	www.openwall.com/lists/oss-security/2024/04/02/6

10 Jun 2024 18:38Current

7.8High risk

Vulners AI Score7.8

CVSS 3.19.8 - 10

EPSS0.0035

SSVC