Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2022-41853

DescriptionThe MITRE CVE dictionary describes this issue as: Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, System.setProperty("hsqldb.method_class_names", "abc") or Java argument -Dhsqldb.method_class_names="abc" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled.

Source

Affected Packages and Issued Red Hat Security Errata

Search:

Platform	Package	State
Red Hat JBoss Operations Network 3	org.jboss.on-jboss-on-parent	Out of support scope
Red Hat OpenStack Platform 13 (Queens)	opendaylight	Under investigation
Red Hat Enterprise Linux 8	libreoffice	Under investigation
Red Hat Enterprise Linux 9	libreoffice	Under investigation
Red Hat JBoss Enterprise Application Platform 6	jboss-on	Out of support scope
Red Hat JBoss Operations Network 3	jboss-on	Out of support scope
Red Hat Integration Camel for Spring Boot	hsqldb low This rating is given to all other issues that may have a security impact. These are the types of vulnerabilities that are believed to require unlikely circumstances to be able to be exploited, or where a successful exploit would give minimal consequences. This includes flaws that are present in a program’s source code but to which no current or theoretically possible, but unproven, exploitation vectors exist or were found during the technical analysis of the flaw.	Affected
Red Hat Integration Camel K	hsqldb low This rating is given to all other issues that may have a security impact. These are the types of vulnerabilities that are believed to require unlikely circumstances to be able to be exploited, or where a successful exploit would give minimal consequences. This includes flaws that are present in a program’s source code but to which no current or theoretically possible, but unproven, exploitation vectors exist or were found during the technical analysis of the flaw.	Affected
Red Hat Integration Camel Quarkus	hsqldb low This rating is given to all other issues that may have a security impact. These are the types of vulnerabilities that are believed to require unlikely circumstances to be able to be exploited, or where a successful exploit would give minimal consequences. This includes flaws that are present in a program’s source code but to which no current or theoretically possible, but unproven, exploitation vectors exist or were found during the technical analysis of the flaw.	Affected
Red Hat JBoss Enterprise Application Platform 7	hsqldb low This rating is given to all other issues that may have a security impact. These are the types of vulnerabilities that are believed to require unlikely circumstances to be able to be exploited, or where a successful exploit would give minimal consequences. This includes flaws that are present in a program’s source code but to which no current or theoretically possible, but unproven, exploitation vectors exist or were found during the technical analysis of the flaw.	Affected

Show entries

First Previous1 2 3Next Last

Showing 1 to 10 of 25 entries

Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although may not have been subject to full analysis.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Affected Packages and Issued Red Hat Security Errata

low Impact

low Impact

low Impact

low Impact

Vulmon Search

About

Products

Connect