Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-42392

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.

Published

2022-01-10T14:10:23.643

Last Modified

2024-11-21T06:27:43.510

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-502
Type: Primary
CWE-502

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	h2database	h2	≤ 2.0.204	Yes
Operating System	debian	debian_linux	9.0	Yes
Operating System	debian	debian_linux	10.0	Yes
Operating System	debian	debian_linux	11.0	Yes
Application	oracle	communications_cloud_native_core_policy	1.15.0	Yes

References

https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6 Mitigation, Third Party Advisory ([email protected])
https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/ Exploit, Technical Description, Vendor Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html Mailing List, Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20220119-0001/ Third Party Advisory ([email protected])
https://www.debian.org/security/2022/dsa-5076 Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory ([email protected])
https://www.secpod.com/blog/log4shell-critical-remote-code-execution-vulnerability-in-h2database-console/ ([email protected])
https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6 Mitigation, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/ Exploit, Technical Description, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20220119-0001/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2022/dsa-5076 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.secpod.com/blog/log4shell-critical-remote-code-execution-vulnerability-in-h2database-console/ (af854a3a-2127-422b-91ae-364da2661108)