Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
405
VMScore

CVE-2018-14335

Published: 24/07/2018 Updated: 07/11/2023
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 405
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Subscribe to H2database

Vulnerability Summary

An issue exists in H2 1.4.197. Insecure handling of permissions in the backup function allows malicious users to read sensitive files (outside of their permissions) via a symlink to a fake database file.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

h2database h2 1.4.197

Vendor Advisories

Red Hat: Important: Red Hat Data Grid 7.3.3 security update
Synopsis Important: Red Hat Data Grid 733 security update Type/Severity Security Advisory: Important Topic An update for Red Hat Data Grid is now availableRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, whic ...
Red Hat: CVE-2018-14335
An issue was discovered in H2 14197 Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file ...
Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpoint
Multiple vulnerabilities have been found in Hitachi Ops Center Analyzer viewpoint CVE-2018-10054, CVE-2018-14335, CVE-2018-20200, CVE-2019-10086, CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439, CVE-2019-14540, CVE-2019-14892, CVE-2019-14893, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, CVE-2019- ...

Exploits

Exploit DB: H2 Database 1.4.197 - Information Disclosure
# Exploit Title: H2 Database 14197 - Information Disclosure # Date: 2018-07-16 # Exploit Author: owodelta # Vendor Homepage: wwwh2databasecom # Software Link: wwwh2databasecom/html/downloadhtml # Version: all versions # Tested on: Linux # CVE : CVE-2018-14335 # Description: Insecure handling of permissions in the backup function allo ...
Exploit DB: H2 Database 1.4.197 Information Disclosure
H2 Database version 14197 suffers from an information disclosure vulnerability ...

Github Repositories

https://github.com/guillermo-varela/example-scan-gradle-plugin

Examples of Usage for Sonatype Scan Gradle Plugin This a demo repository showing how to use the Scan Gradle Plugin to analyze open source dependencies in Gradle projects A dependency with vulnerabilities was added to show how the output looks like The file buildgradle has a simple Gradle setup applying the plugin For more options to configure (including usage with credentia

References

CWE-59https://gist.github.com/owodelta/9714faf9a86435cef5a99d4930eaee20https://www.exploit-db.com/exploits/45105/https://access.redhat.com/errata/RHSA-2020:0727https://lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e%40%3Cuser.ignite.apache.org%3Ehttps://access.redhat.com/errata/RHSA-2020:0727https://nvd.nist.govhttps://www.exploit-db.com/exploits/45105/https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-109/index.html
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
client sideCVE-2023-31889template injectionCVE-2024-4304CVE-2006-4304CVE-2024-33272type confusionCVE-2024-21345CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook