H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.
History

Mon, 25 Nov 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat jboss Enterprise Application Platform Eus
CPEs cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Vendors & Products Redhat jboss Enterprise Application Platform Eus

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-01-19T00:00:00

Updated: 2024-08-03T03:36:20.341Z

Reserved: 2022-01-14T00:00:00

Link: CVE-2022-23221

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-01-19T17:15:09.000

Modified: 2024-11-21T06:48:13.213

Link: CVE-2022-23221

cve-icon Redhat

Severity : Important

Publid Date: 2022-01-19T00:00:00Z

Links: CVE-2022-23221 - Bugzilla