CVE-2022-45868

🗓️ 23 Nov 2022 21:15:11Reported by [email protected]Type

The H2 Database Engine before 2.2.220 allows the web admin console password to be specified in clear text via the command line interface, potentially exposing it to local users or attackers with local access

Reporter	Title	Published	Views	Family All 26
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Network Automation 2.5.0 fixes multiple security vulnerabilities	20 Jun 202308:52	–	ibm
ATTACKERKB	CVE-2022-45868	23 Nov 202221:15	–	attackerkb
BDU FSTEC	The vulnerability of the H2 database management system’s web interface allows attackers to escalate their privileges.	8 Dec 202300:00	–	bdu_fstec
Circl	CVE-2022-45868	24 Nov 202200:14	–	circl
CNNVD	H2database 安全漏洞	23 Nov 202200:00	–	cnnvd
CVE	CVE-2022-45868	23 Nov 202200:00	–	cve
Cvelist	CVE-2022-45868	23 Nov 202200:00	–	cvelist
Debian CVE	CVE-2022-45868	23 Nov 202200:00	–	debiancve
EUVD	EUVD-2022-7189	3 Oct 202520:07	–	euvd
Github Security Blog	Password exposure in H2 Database	23 Nov 202221:30	–	github

NVD

Node

h2database h2Range≤2.1.214

Source	Link
sites	www.sites.google.com/sonatype.com/vulnerabilities/sonatype-2022-6243
github	www.github.com/h2database/h2database/blob/96832bf5a97cdc0adc1f2066ed61c54990d66ab5/h2/src/main/org/h2/server/web/WebServer.java
github	www.github.com/advisories/GHSA-22wj-vf5f-wrvj
github	www.github.com/h2database/h2database/releases/tag/version-2.2.220
github	www.github.com/h2database/h2database/pull/3833
github	www.github.com/h2database/h2database/issues/3686

21 Nov 2024 07:29Current

CVSS 3.17.8 - 8.4

EPSS0.00293

CWE-312