Russian Vulnerability Scanner Database

Back to List

CVE-2021-42392

Scores

EPSS

0.910high91.0%
0%20%40%60%80%100%

Percentile: 91.0%

CVSS

9.8critical3.x
0246810

CVSS Score: 9.8/10

All CVSS Scores

CVSS 3.x
9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0
10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Description

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

debiannvdredhatubuntu

CWEs

CWE-502

Related Vulnerabilities

BDU:2022-00195

Exploits

Exploit ID: CVE-2021-42392

Source: github-poc

URL: https://github.com/Be-Innova/CVE-2021-42392-exploit-lab

Vulnerable Software (24)

Type: Configuration

Product: eap7-h2database

Operating System: rhel

Trait: 
{  "fixed": "1.4.197-2.redhat_00004.1.el8eap"}

Source: redhat

Type: Configuration

Product: eap7-h2database

Operating System: rhel

Trait: 
{  "fixed": "1.4.197-2.redhat_00004.1.el7eap"}

Source: redhat

Type: Configuration

Product: h2database

Operating System: ubuntu bionic 18.04

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: h2database

Operating System: ubuntu focal 20.04

Trait: 
{  "fixed": "1.4.197-4+deb10u1build0.20.04.1"}

Source: ubuntu

Type: Configuration

Product: h2database

Operating System: ubuntu hirsute 21.04

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: h2database

Operating System: ubuntu impish 21.10

Trait: 
{  "fixed": "1.4.197-4+deb10u1build0.21.10.1"}

Source: ubuntu

Type: Configuration

Product: h2database

Operating System: ubuntu jammy 22.04

Trait: 
{  "fixed": "2.1.210+really1.4.197-1"}

Source: ubuntu

Type: Configuration

Product: h2database

Operating System: ubuntu kinetic 22.10

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: h2database

Operating System: ubuntu lunar 23.04

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: h2database

Operating System: ubuntu mantic 23.10

Trait: 
{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: h2database

Operating System: ubuntu noble 24.04

Trait: 
{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: h2database

Operating System: ubuntu trusty 14.04

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: h2database

Operating System: ubuntu xenial 16.04

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: h2database

Operating System: debian

Trait: 
{  "fixed": "2.1.210-1"}

Source: debian

Type: Configuration

Product: rh-sso7

Operating System: rhel

Trait: 
{  "fixed": "1-5.el9sso"}

Source: redhat

Type: Configuration

Product: rh-sso7-javapackages-tools

Operating System: rhel

Trait: 
{  "fixed": "6.0.0-7.el9sso"}

Source: redhat

Type: Configuration

Product: rh-sso7-keycloak

Operating System: rhel

Trait: 
{  "fixed": "15.0.8-1.redhat_00001.1.el8sso"}

Source: redhat

Type: Configuration

Product: rh-sso7-keycloak

Operating System: rhel

Trait: 
{  "fixed": "18.0.3-1.redhat_00001.1.el7sso"}

Source: redhat

Type: Configuration

Product: rh-sso7-keycloak

Operating System: rhel

Trait: 
{  "fixed": "18.0.3-1.redhat_00001.1.el8sso"}

Source: redhat

Type: Configuration

Product: rh-sso7-keycloak

Operating System: rhel

Trait: 
{  "fixed": "18.0.3-1.redhat_00001.1.el9sso"}

Source: redhat