Login Sign Up

CVE-2024-32888

10.0 CRITICAL
SQL Injection

📋 TL;DR

This CVE describes a SQL injection vulnerability in the Amazon JDBC Driver for Redshift when using the unsupported 'preferQueryMode=simple' connection property. Attackers could execute arbitrary SQL commands on affected databases. Only users who explicitly set this non-default parameter are vulnerable.

💻 Affected Systems

Products:
  • Amazon JDBC Driver for Redshift
Versions: All versions prior to 2.1.0.28
Operating Systems: Any OS running Java applications with the vulnerable driver
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when explicitly setting 'preferQueryMode=simple' connection property. Default configuration uses extended query mode and is not vulnerable.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full database compromise including data theft, modification, deletion, and potential privilege escalation to execute arbitrary commands on the database server.

🟠

Likely Case

Data exfiltration, unauthorized data modification, or database disruption through SQL injection attacks.

🟢

If Mitigated

No impact when using default extended query mode or when proper input validation and parameterized queries are implemented.

🌐 Internet-Facing: HIGH if vulnerable configuration is exposed to untrusted users who can submit SQL queries.
🏢 Internal Only: MEDIUM as internal attackers or compromised accounts could exploit the vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires application code with vulnerable SQL that negates parameter values, combined with the specific connection property setting.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.0.28

Vendor Advisory: https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-x3wm-hffr-chwm

Restart Required: Yes

Instructions:

1. Update Amazon Redshift JDBC Driver to version 2.1.0.28 or later. 2. Replace the driver JAR file in your application. 3. Restart the application to load the new driver version.

🔧 Temporary Workarounds

Remove preferQueryMode=simple

all

Do not use the 'preferQueryMode=simple' connection property in your JDBC connection strings or configuration.

Remove 'preferQueryMode=simple' from all JDBC connection strings and configuration files

🧯 If You Can't Patch

  • Ensure all SQL queries use parameterized statements/prepared statements
  • Implement strict input validation and sanitization for all user-supplied data in SQL queries

🔍 How to Verify

Check if Vulnerable:

Check if your application uses Amazon Redshift JDBC Driver version <2.1.0.28 AND has 'preferQueryMode=simple' in connection properties.

Check Version:

Check the driver JAR file name or use: java -cp redshift-jdbc42-*.jar com.amazon.redshift.Driver --version

Verify Fix Applied:

Verify driver version is 2.1.0.28 or later and confirm 'preferQueryMode=simple' is not present in connection strings.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL query patterns, especially with negation operators
  • Multiple failed login attempts or unusual database access patterns

Network Indicators:

  • Unusual database query traffic patterns from application servers

SIEM Query:

Search for connection strings containing 'preferQueryMode=simple' in configuration files or application logs

📊 Metadata

CVE ID: CVE-2024-32888
CVSS v3 Score: 10.0 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE: CWE-89
Published: May 15, 2024
Last Updated: June 12, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-32888, you might also want to check these:

CVE-2024-8522 10.0

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress si...

Same vulnerability type (CWE-89)
CVE-2024-13152 10.0

This SQL injection vulnerability in BSS Software's Mobuy Online Machinery Monitoring Panel allows at...

Same vulnerability type (CWE-89)
CVE-2021-42311 10.0

CVE-2021-42311 is a critical SQL injection vulnerability in Microsoft Defender for IoT that allows r...

Same vulnerability type (CWE-89)