{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-42392", "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "assignerShortName": "JFROG", "dateUpdated": "2024-08-04T03:30:38.345Z", "dateReserved": "2021-10-14T00:00:00", "datePublished": "2022-01-07T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "shortName": "JFROG", "dateUpdated": "2023-02-24T00:00:00"}, "descriptions": [{"lang": "en", "value": "The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution."}], "affected": [{"vendor": "h2database", "product": "h2", "versions": [{"version": "1.1.000", "status": "affected", "lessThan": "*", "versionType": "custom"}]}], "references": [{"url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6"}, {"name": "[debian-lts-announce] 20220215 [SECURITY] [DLA 2923-1] h2database security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html"}, {"name": "DSA-5076", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2022/dsa-5076"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"url": "https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/"}, {"url": "https://security.netapp.com/advisory/ntap-20220119-0001/"}, {"url": "https://www.secpod.com/blog/log4shell-critical-remote-code-execution-vulnerability-in-h2database-console/"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-502", "cweId": "CWE-502"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T03:30:38.345Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20220215 [SECURITY] [DLA 2923-1] h2database security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html"}, {"name": "DSA-5076", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5076"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "tags": ["x_transferred"]}, {"url": "https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20220119-0001/", "tags": ["x_transferred"]}, {"url": "https://www.secpod.com/blog/log4shell-critical-remote-code-execution-vulnerability-in-h2database-console/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:h2database:h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "6770600B-79F8-4C9A-A455-CC0F0604D864", "versionEndIncluding": "2.0.204", "versionStartIncluding": "1.1.000", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "B4367D9B-BF81-47AD-A840-AC46317C774D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution."}, {"lang": "es", "value": "El m\u00e9todo org.h2.util.JdbcUtils.getConnection de la base de datos H2 toma como par\u00e1metros el nombre de la clase del controlador y la URL de la base de datos. Un atacante puede pasar un nombre de controlador JNDI y una URL que conlleve a un servidor LDAP o RMI, causando una ejecuci\u00f3n de c\u00f3digo remota. Esto puede ser explotado mediante varios vectores de ataque, sobre todo mediante la Consola H2 que conlleva a una ejecuci\u00f3n de c\u00f3digo remoto no autenticado"}], "id": "CVE-2021-42392", "lastModified": "2024-11-21T06:27:43.510", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-10T14:10:23.643", "references": [{"source": "reefs@jfrog.com", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6"}, {"source": "reefs@jfrog.com", "tags": ["Exploit", "Technical Description", "Vendor Advisory"], "url": "https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/"}, {"source": "reefs@jfrog.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html"}, {"source": "reefs@jfrog.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20220119-0001/"}, {"source": "reefs@jfrog.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5076"}, {"source": "reefs@jfrog.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "reefs@jfrog.com", "url": "https://www.secpod.com/blog/log4shell-critical-remote-code-execution-vulnerability-in-h2database-console/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Technical Description", "Vendor Advisory"], "url": "https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20220119-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5076"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.secpod.com/blog/log4shell-critical-remote-code-execution-vulnerability-in-h2database-console/"}], "sourceIdentifier": "reefs@jfrog.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "reefs@jfrog.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:4922", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "impact": "low", "package": "h2", "product_name": "Red Hat JBoss Enterprise Application Platform 7", "release_date": "2022-06-06T00:00:00Z"}, {"advisory": "RHSA-2022:4919", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2022-06-06T00:00:00Z"}, {"advisory": "RHSA-2022:4918", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2022-06-06T00:00:00Z"}, {"advisory": "RHSA-2022:6787", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "impact": "low", "package": "h2", "product_name": "Red Hat Single Sign-On 7", "release_date": "2022-10-04T00:00:00Z"}, {"advisory": "RHSA-2022:6782", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.5::el7", "impact": "low", "package": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso", "product_name": "Red Hat Single Sign-On 7.5 for RHEL 7", "release_date": "2022-10-04T00:00:00Z"}, {"advisory": "RHSA-2022:6783", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.5::el8", "impact": "low", "package": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso", "product_name": "Red Hat Single Sign-On 7.5 for RHEL 8", "release_date": "2022-10-04T00:00:00Z"}, {"advisory": "RHSA-2022:7417", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6.1", "impact": "low", "package": "h2", "product_name": "Red Hat Single Sign-On 7.6.1", "release_date": "2022-11-03T00:00:00Z"}, {"advisory": "RHSA-2022:7409", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "impact": "low", "package": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 7", "release_date": "2022-11-03T00:00:00Z"}, {"advisory": "RHSA-2022:7410", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "impact": "low", "package": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 8", "release_date": "2022-11-03T00:00:00Z"}, {"advisory": "RHSA-2022:7411", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "impact": "low", "package": "rh-sso7-0:1-5.el9sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 9", "release_date": "2022-11-03T00:00:00Z"}, {"advisory": "RHSA-2022:7411", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "impact": "low", "package": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 9", "release_date": "2022-11-03T00:00:00Z"}, {"advisory": "RHSA-2022:7411", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "impact": "low", "package": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 9", "release_date": "2022-11-03T00:00:00Z"}, {"advisory": "RHSA-2022:1013", "cpe": "cpe:/a:redhat:camel_quarkus:2.2.1", "package": "h2", "product_name": "RHINT Camel-Q 2.2.1", "release_date": "2022-03-22T00:00:00Z"}], "bugzilla": {"description": "h2: Remote Code Execution in Console", "id": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-502", "details": ["The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.", "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution."], "name": "CVE-2021-42392", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:6", "fix_state": "Out of support scope", "package_name": "h2", "product_name": "Red Hat BPM Suite 6"}, {"cpe": "cpe:/a:redhat:service_registry:2", "fix_state": "Affected", "package_name": "h2", "product_name": "Red Hat build of Apicurio Registry"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Not affected", "package_name": "h2", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "h2", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "h2", "product_name": "Red Hat Integration Camel K"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:5", "fix_state": "Out of support scope", "package_name": "h2", "product_name": "Red Hat JBoss BRMS 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:6", "fix_state": "Out of support scope", "package_name": "h2", "product_name": "Red Hat JBoss BRMS 6"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Out of support scope", "package_name": "h2", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_data_virtualization:6", "fix_state": "Out of support scope", "package_name": "h2", "product_name": "Red Hat JBoss Data Virtualization 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "h2", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "h2", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "h2", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Out of support scope", "package_name": "h2", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_operations_network:3", "fix_state": "Out of support scope", "package_name": "h2", "product_name": "Red Hat JBoss Operations Network 3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:5", "fix_state": "Out of support scope", "package_name": "h2", "product_name": "Red Hat JBoss SOA Platform 5"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "impact": "low", "package_name": "openshift4/ose-metering-presto", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "h2", "product_name": "Red Hat Process Automation 7"}], "public_date": "2022-01-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-42392\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-42392\nhttps://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6"], "statement": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "threat_severity": "Moderate", "upstream_fix": "h2 2.0.206"}