Lucene search
Veracode Vulnerability DatabaseVERACODE:38229HistoryNov 24, 2022 - 9:07 a.m.
Information Disclosure
2022-11-2409:07:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17
h2 database engine
vulnerability
webadminpassword
plaintext
administrator
password
running processes
information disclosure
web admin console
0.0004 Low
EPSS
Percentile
5.1%
H2 Database Engine is vulnerable to information disclosure. The vulnerability is caused by the webAdminPassword argument, which allows an administrator to specify the password in plaintext. An attacker can get the password for the H2 web admin console by looking at the running processes.
| CPE | Name | Operator | Version |
|---|---|---|---|
| h2 database engine | le | 2.1.214 | |
| h2 database engine | le | 2.1.214 |
References
github.com/advisories/GHSA-22wj-vf5f-wrvj
github.com/h2database/h2database/blob/96832bf5a97cdc0adc1f2066ed61c54990d66ab5/h2/src/main/org/h2/server/web/WebServer.java#L346-L347
github.com/h2database/h2database/commit/fd85ea22277c98cfa5dbc072cefa2c46eff9ef46
github.com/h2database/h2database/issues/3686
sites.google.com/sonatype.com/vulnerabilities/sonatype-2022-6243
Related
nvd
nvd
CVE-2022-45868
2022-11-23 21:15:11
cve
cve
CVE-2022-45868
2022-11-23 21:15:11
debiancve
debiancve
CVE-2022-45868
2022-11-23 21:15:11
cvelist
cvelist
CVE-2022-45868
2022-11-23 00:00:00
prion
prion
Default credentials
2022-11-23 21:15:00
osv
osv
Password exposure in H2 Database
2022-11-23 21:30:31
ubuntucve
ubuntucve
CVE-2022-45868
2022-11-23 00:00:00
github
github
Password exposure in H2 Database
2022-11-23 21:30:31
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00