CVE-2022-23221

H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.
Configurations

Configuration 1 (hide)

cpe:2.3:a:h2database:h2:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*

History

18 Aug 2023, 14:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20230818-0011/ -

08 Aug 2023, 14:21

Type Values Removed Values Added
CWE CWE-94 CWE-88

Information

Published : 2022-01-19 17:15

Updated : 2024-02-28 18:48


NVD link : CVE-2022-23221

Mitre link : CVE-2022-23221

CVE.ORG link : CVE-2022-23221


JSON object : View

Products Affected

oracle

  • communications_cloud_native_core_console

debian

  • debian_linux

h2database

  • h2
CWE
CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')