Published: 10/01/2022 Updated: 12/01/2022

Vulnerability Summary

Unauthenticated RCE in H2 Database Console. This issue has the same root cause as the infamous Log4Shell vulnerability in Apache Log4j (JNDI remote class loading). H2 is a very popular open-source Java SQL database offering a lightweight in-memory solution that doesn’t require data to be stored on disk. This makes it a popular data storage solution for various projects from web platforms like Spring Boot to IoT platforms like ThingWorks. The com.h2database:h2 package is part of the top 50 most popular Maven packages, with almost 7000 artifact dependencies.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vendor Advisories

The orgh2utilJdbcUtilsgetConnection method of the H2 database takes as parameters the class name of the driver and URL of the database An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution This can be exploited through various attack vectors, most notably through the H2 Console which ...

Github Repositories

jpa-ddl Use JPA 21 to generate database tables, load initial data via SQL statements, and emit DDL statements Two versions are presented, one that uses plain Tomcat with EclipseLink bundled in the WAR file, and another one that uses TomEE with EclipseLink (this version needs EclipseLink to be manually installed) The two versions are very similar The TomEE version is a bit s

CVE-2021-42392-Detect About The script detects vulnerable H2 server for the give list of IPs, it can identify the H2 Console web pages and check for access restrictions Usage Place the IP list and h2-detectpy in the same directory and execute the command The script looks for IPtxt in the current directory, hence place a IPtxt list and run the script or modify the input fil

jpa-crypt Store and retrieve encrypted data in SQL databases using JPA JPA 21 supports automatic table creation and generating DDL statements, so no actual SQL coding is required The encryption algorithm used is AES-GCM, which is a shorthand for the mouthful Advanced Encryption Standard -- Galois/Counter Mode, but this can easily be changed by changing a few parameters in th

搜集2022年的漏洞 命令执行 TerraMaster TOS session 伪造、任意⽂件读取、远程命令执⾏等多个漏洞 H2 数据库控制台未授权 RCE (CVE-2021-42392) Atlassian Jira Server and Data Center 授权RCE漏洞 (CVE-2021-43947) 代码执行 GoAhead 远程代码执⾏漏洞 (CVE-2021-42342) SQL注入 wordpress SQL注入漏洞 (CVE-2022–21661)