Vulnerability Name:

CVE-2022-23221 (CCN-217826)

Assigned:2022-01-04
Published:2022-01-04
Updated:2022-10-05
Summary:H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.
CVSS v3 Severity:9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.8 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.8 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-94
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2022-23221

Source: MISC
Type: Exploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/165676/H2-Database-Console-Remote-Code-Execution.html

Source: FULLDISC
Type: Exploit, Mailing List, Third Party Advisory
20220124 Unauthenticated RCE vuln in the H2 Database console: CVE-2022-23221.

Source: XF
Type: UNKNOWN
h2console-cve202223221-code-exec(217826)

Source: CONFIRM
Type: Patch, Release Notes, Third Party Advisory
https://github.com/h2database/h2database/releases/tag/version-2.1.210

Source: CCN
Type: H2 GIT Repository
RCE in H2 Console

Source: MISC
Type: Mitigation, Patch, Third Party Advisory
https://github.com/h2database/h2database/security/advisories

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20220215 [SECURITY] [DLA 2923-1] h2database security update

Source: CCN
Type: Packet Storm Security [01-25-2022]
H2 Database Console Remote Code Execution

Source: MISC
Type: Exploit, Third Party Advisory
https://twitter.com/d0nkey_man/status/1483824727936450564

Source: DEBIAN
Type: Third Party Advisory
DSA-5076

Source: CCN
Type: Oracle CPUApr2022
Oracle Critical Patch Update Advisory - April 2022

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html

Source: N/A
Type: Not Applicable
N/A

Vulnerable Configuration:Configuration 1:
  • cpe:/a:h2database:h2:*:*:*:*:*:*:*:* (Version >= 1.1.100 and < 2.0.206)

    • Configuration 2:
  • cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    h2database h2 *
    debian debian linux 9.0
    debian debian linux 10.0
    debian debian linux 11.0
    oracle communications cloud native core console 1.9.0