CVE-2021-42392

Published: Jan 10, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.

Affected (5)

Products: H2database: H2 · Debian: Debian Linux · Oracle: Communications Cloud Native Core Policy

1 product

1 product

1 product

Communications Cloud Native Core Policy

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
H2database H2	From 1.1.000 to 2.0.204

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 11.0
Debian Debian Linux	Version 9.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Communications Cloud Native Core Policy	Version 1.15.0

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (14)

https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6

Source: reefs@jfrog.com

MitigationThird Party Advisory

https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/

Source: reefs@jfrog.com

ExploitTechnical DescriptionVendor Advisory

https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html

Source: reefs@jfrog.com

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20220119-0001/

Source: reefs@jfrog.com

Third Party Advisory

https://www.debian.org/security/2022/dsa-5076

Source: reefs@jfrog.com

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

Source: reefs@jfrog.com

PatchThird Party Advisory

https://www.secpod.com/blog/log4shell-critical-remote-code-execution-vulnerability-in-h2database-console/

Source: reefs@jfrog.com

https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party Advisory

https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionVendor Advisory

https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20220119-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2022/dsa-5076

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.secpod.com/blog/log4shell-critical-remote-code-execution-vulnerability-in-h2database-console/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.