Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2022-45868
HistoryNov 23, 2022 - 12:00 a.m.

CVE-2022-45868

2022-11-2300:00:00
mitre
raw.githubusercontent.com

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states “This is not a vulnerability of H2 Console … Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that.” Nonetheless, the issue was fixed in 2.2.220.

Related

cve 1
veracode 1
debiancve 1
prion 1
osv 1
github 1
ubuntucve 1
ibm 1
oracle 1
cve
cve
CVE-2022-45868
2022-11-23 21:15:11
veracode
veracode
Information Disclosure
2022-11-24 09:07:33
debiancve
debiancve
CVE-2022-45868
2022-11-23 21:15:11
prion
prion
Default credentials
2022-11-23 21:15:00
osv
osv
Password exposure in H2 Database
2022-11-23 21:30:31
github
github
Password exposure in H2 Database
2022-11-23 21:30:31
ubuntucve
ubuntucve
CVE-2022-45868
2022-11-23 00:00:00
ibm
ibm
Security Bulletin: IBM Cloud Pak for Network Automation 2.5.0 fixes multiple security vulnerabilities
2023-06-20 08:52:54
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON
Related for CVELIST:CVE-2022-45868
cve1veracode1debiancve1prion1osv1github1ubuntucve1ibm1oracle1