Lucene search
Veracode Vulnerability DatabaseVERACODE:7151HistoryJul 25, 2018 - 5:26 a.m.
Information Disclosure
2018-07-2505:26:31
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.012 Low
EPSS
Percentile
85.3%
h2 is vulnerable to information disclosures. The library doesn’t check if the filename parameter in the backup command points to a symlinked directory, allowing a malicious user to gain access to sensitive information on the database.
| CPE | Name | Operator | Version |
|---|---|---|---|
| h2 database engine | le | 1.0.20061217 | |
| h2 database engine | le | 2.0.204 | |
| h2 database engine | le | 1.0.20061217 | |
| h2 database engine | le | 2.0.204 |
References
gist.github.com/owodelta/9714faf9a86435cef5a99d4930eaee20
github.com/h2database/h2database/blob/version-1.4.197/h2/src/main/org/h2/command/dml/BackupCommand.java#L55
github.com/h2database/h2database/issues/3206
lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e@%3Cuser.ignite.apache.org%3E
www.exploit-db.com/exploits/45105
www.exploit-db.com/exploits/45105/
Related
prion
prion
Design/Logic Flaw
2018-07-24 13:29:00
nvd
nvd
CVE-2018-14335
2018-07-24 13:29:00
exploitpack
exploitpack
H2 Database 1.4.197 - Information Disclosure
2018-07-30 00:00:00
ubuntucve
ubuntucve
CVE-2018-14335
2018-07-24 00:00:00
osv
osv
CVE-2018-14335
2018-07-24 13:29:00
redhatcve
redhatcve
CVE-2018-14335
2018-08-01 14:49:45
zdt
zdt
H2 Database 1.4.197 - Information Disclosure Exploit
2018-07-30 00:00:00
packetstorm
packetstorm
H2 Database 1.4.197 Information Disclosure
2018-07-30 00:00:00
cve
cve
CVE-2018-14335
2018-07-24 13:29:00
cvelist
cvelist
CVE-2018-14335
2018-07-24 13:00:00
broadcom
broadcom
BSA-2022-1837
2022-05-03 00:00:00
exploitdb
exploitdb
H2 Database 1.4.197 - Information Disclosure
2018-07-30 00:00:00
ibm
ibm
redhat
redhat
(RHSA-2020:0727) Important: Red Hat Data Grid 7.3.3 security update
2020-03-05 12:46:52