H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.
Metrics
Affected Vendors & Products
References
History
Mon, 25 Nov 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat jboss Enterprise Application Platform Eus
|
|
CPEs | cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7 cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 |
|
Vendors & Products |
Redhat jboss Enterprise Application Platform Eus
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-01-19T00:00:00
Updated: 2024-08-03T03:36:20.341Z
Reserved: 2022-01-14T00:00:00
Link: CVE-2022-23221
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-01-19T17:15:09.000
Modified: 2024-11-21T06:48:13.213
Link: CVE-2022-23221
Redhat