Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-42392

Опубликовано: 10 янв. 2022
Источник: ubuntu
Приоритет: high
CVSS2: 10
CVSS3: 9.8

Описание

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

not-affected

2.1.210-1
esm-apps/bionic

released

1.4.196-2ubuntu0.1~esm1
esm-apps/focal

released

1.4.197-4+deb10u1build0.20.04.1
esm-apps/jammy

released

2.1.210+really1.4.197-1
esm-apps/noble

not-affected

2.1.210-1
esm-apps/xenial

released

1.4.191-1ubuntu0.1~esm1
focal

released

1.4.197-4+deb10u1build0.20.04.1
hirsute

ignored

end of life
impish

released

1.4.197-4+deb10u1build0.21.10.1

Показывать по

Ссылки на источники

10 Critical

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

redhat логотип

CVE-2021-42392

CVSS3: 9.8
redhat
около 4 лет назад

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.

nvd логотип

CVE-2021-42392

CVSS3: 9.8
nvd
около 4 лет назад

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.

debian логотип

CVE-2021-42392

CVSS3: 9.8
debian
около 4 лет назад

The org.h2.util.JdbcUtils.getConnection method of the H2 database take ...

github логотип

GHSA-h376-j262-vhq6

CVSS3: 9.8
github
около 4 лет назад

RCE in H2 Console

fstec логотип

BDU:2022-00195

CVSS3: 9.8
fstec
около 4 лет назад

Уязвимость метода org.h2.util.JdbcUtils.getConnection системы управления базами данных H2, позволяющая нарушителю выполнить произвольный код

10 Critical

CVSS2

9.8 Critical

CVSS3