8 matches found

RedhatCVE
added 2026/01/09 10:52 a.m., 7 views

CVE-2022-42467

When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...

CVSS 5.3, AI score 6.8, EPSS 0.00431
Exploits: 0, References: 1
Veracode
added 2022/10/21 3:17 a.m., 19 views

Authorization Bypass

org.apache.isis is vulnerable to authorization bypass. The vulnerability exists in multiple functions when running prototype mode in the h2 webconsole module which allows a remote attacker to grant authorizations directly to the query database in prototype mode...

CVSS 5.3, AI score 5.5, EPSS 0.00431
Exploits: 0, References: 4, Affected Software: 2
CNVD
added 2022/10/21 12:0 a.m., 19 views

Apache Isis Authorization Issues Vulnerability

Apache Isis is a framework from the Apache Foundation (United States) for rapid development of domain-driven applications in Java. Apache Isis suffers from an authorization issue vulnerability that stems from the h2 webconsole module accessible in the prototype menu automatically providing the...

CVSS 5.3, AI score 4.9, EPSS 0.00431
Exploits: 0, References: 1
NVD
added 2022/10/19 8:15 a.m., 13 views

CVE-2022-42467

When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...

CVSS 5.3, EPSS 0.00431
Exploits: 0, References: 2
Prion
added 2022/10/19 8:15 a.m., 10 views

Default credentials

When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...

CVSS 5, AI score 5.2, EPSS 0.00431
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2022/10/19 12:0 a.m., 70 views

CVE-2022-42467

Summary of affected component: Apache Isis h2 webconsole module in prototype mode. Vulnerability mechanism: The webconsole is automatically available in prototype mode, enabling direct database queries; safeguards require explicit enablement via configuration. Root cause/mitigation details: Since...

CVSS 5.3, AI score 5.1, EPSS 0.00431
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2022/10/19 12:0 a.m., 9 views

CVE-2022-42467 h2 webconsole (available only in prototype mode) should nevertheless be disabled by default.

When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...

AI score 5.5, EPSS 0.00431
Exploits: 0, References: 2
Vulnrichment
added 2022/10/19 12:0 a.m., 9 views

CVE-2022-42467 h2 webconsole (available only in prototype mode) should nevertheless be disabled by default.

When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...

AI score 5.3, EPSS 0.00431
Exploits: 0, References: 2