Skip to content
Use the search to find information about InterSystems products and solutions, career opportunities, and more.

Alert: Risk of Silent Wrong Results When Unused Common Table Expressions Appear in SQL Queries

Summary

Alert ID
Product & Versions Affected
Risk Category & ScoreExplicit Requirements
DP-443396
  • InterSystems IRIS® data platform
  • InterSystems IRIS® for Health
  • HealthShare® Health Connect versions 2024.1.0 – 2024.1.4, 2024.2.0, 2024.3.0, and 2025.1.0, and 2025.1.1
  • HealthShare® Unified Care Record versions 2024.2 and 2025.1
Wrong Results: Low Risk Using Common Table Expressions in Dynamic SQL

Issue

In InterSystems IRIS versions 2024.1.0 – 2024.1.4, 2024.2.0, 2024.3.0, 2025.1.0, and 2025.1.1, specific SQL queries issued through Dynamic SQL that use Common Table Expressions (CTE) may silently return wrong results. The issue only occurs when the query statement includes CTE definitions that involve query parameters, but these CTEs are not used in the query itself.

For example, the following query is affected:

WITH
aaa AS (SELECT * FROM t1 WHERE f = 'abc'),
bbb AS (SELECT * FROM t2 WHERE f = 'efg')
SELECT * FROM bbb,

because the CTE aaa is not used in the query itself and includes a query parameter ‘abc’.
When such statements are issued through Embedded SQL or over xDBC connections such as JDBC or ODBC, the issue does not occur.

Impact

This issue may cause InterSystems IRIS SQL to silently return wrong results.

Resolution

The issue has been corrected in versions 2024.1.5, 2025.1.2, 2025.2.0 and any more recent version.

  • In the interim, customers who require the correction prior to these releases may request an ad hoc distribution for the fix (DP-443588) through the Worldwide Response Center.
  • As a mitigation, customers can simply remove the unused CTE definition from the statement.

For More Information

If you have questions or need assistance, please contact the InterSystems Worldwide Response Center (WRC).

Latest Alerts & Advisories

07 okt 2025
Risk Category & Score Explicit Requirements DP-442892 InterSystems IRIS® data platform InterSystems IRIS® for Health HealthShare® Health Connect versions 2023.3.0, 2024.1.0 – 2024.1.3, 2024.2.0, 2024.3.0, and 2025.1.0 HealthShare® Unified Care Record versions 2024.2 and 2025.1 Wrong Results: High Risk Specific use of OUTER JOIN when the inner leg has an index on the join fields In InterSystems IRIS versions 2023.3.0, 2024.1.0 – 2024.1.3, 2024.2.0, 2024.3.0, and 2025.1.0, for queries that use an OUTER JOIN and where InterSystems IRIS performs parallel execution, the query may silently return wrong results.
07 okt 2025
Risk Category & Score Explicit Requirements HSHC-5268 HealthShare® Health Connect and InterSystems IRIS® for Health versions 2025.1.1 Functional: Medium Risk Occurs when performing SDA3 -> FHIR transformations involving the Encounter resource.
30 sep 2025
In InterSystems IRIS, InterSystems IRIS for Health, and HealthShare Health Connect, versions 2025.1.1 and 2025.2.0, the new “ Mirror Database Download” functionality does not include certain globals.
24 sep 2025
Risk Category & Score Explicit Requirements DP-444551 InterSystems IRIS® data platform InterSystems IRIS® for Health HealthShare® Health Connect versions 2025.1.0, 2025.1.1, and 2025.2
03 sep 2025
Risk Category & Score Explicit Requirements DP-442440 InterSystems IRIS ® data platform 2025.1.1.308.0 InterSystems IRIS for Health HealthShare® Health Connect Operational:
23 jul 2025
InterSystems IRIS 2025.2 introduces the IRISSECURITY database, the new home for security data. Unlike IRISSYS, the previous home for security data, IRISSECURITY can be encrypted, which secures your sensitive data at rest. In a future version, IRISSECURITY will be mirrorable.
23 jul 2025
InterSystems is pleased to announce the General Availability (GA) of the 2025.2 release of InterSystems IRIS® data platform. This is a Continuous Delivery (CD) release. Please note that the GA versions of InterSystems IRIS for Health™ and HealthShare® Health Connect™ 2025.2 are currently withheld due to mirroring limitations introduced by security updates (details below).
10 jun 2025
Advisory ID Product & Versions Affected Risk Category & Score Explicit Requirements DP-439649 Products: