Remote code execution in H2 - CVE-2021-42392ID: oval:org.secpod.oval:def:77179 | Date: (C)2022-01-13 (M)2023-08-24 |
Class: VULNERABILITY | Family: windows |
The host is installed with H2 1.1.100 through 2.0.204 and is prone to a remote code execution vulnerability. The flaws are present in the org.h2.util.JdbcUtils.getConnection method, which fails to handle the parameters like class name of the driver and URL of the database. Successful exploitation could lead to unauthenticated remote code execution.
Platform: |
Microsoft Windows 7 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows 8 |
Microsoft Windows Server 2012 |
Microsoft Windows 8.1 |
Microsoft Windows 10 |
Microsoft Windows 11 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Microsoft Windows Server 2022 |
Microsoft Windows Server 2012 R2 |