CVE-2018-10054
Published 2018-04-11
Priority: P273 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 34.99% (98.2th percentile)
H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | bamboo_data_center | — | — |
| cognitect | datomic | < 0.9.5697 | 0.9.5697 |
| h2database | h2 | — | — |
Detection & IOCs (extracted from sources)
- Monitor for SQL statements containing CREATE ALIAS directed at H2 database instances, as this is the primary exploitation vector for arbitrary Java code execution.
- H2's web interface restricts many characters; watch for obfuscated or encoded SQL payloads attempting to bypass input filtering on the H2 web console.
- Exploitation requires a valid database connection; alert on unexpected or unauthenticated connections to H2 database endpoints, especially using in-memory database URLs.
- Watch for payload files written to the working directory of the H2 process (not just /tmp), as exploits may drop files there when /tmp is not writable.
- Audit Bamboo Data Center and Server deployments for the presence of vulnerable com.h2database:h2 versions (1.4.197, 1.4.199, 2.0.204, 2.1.214) as confirmed affected products.
- Note: H2 is not intended to be exposed outside a secure/trusted environment; exposure of the H2 web interface or database port to untrusted networks is a prerequisite for remote exploitation.
- Note: Version detection may fail for certain H2 versions during exploitation attempts, meaning version-based detection alone is unreliable.
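One way to implement the first two detection points, as an added example that is not part of the original page or any vendor's tooling: it normalises SQL comments, whitespace and case before matching H2's `CREATE ALIAS ... FOR` / `CREATE ALIAS ... AS` forms. The `conn=... user=... sql=...` log format, the sample lines and all function names are assumptions constructed for illustration.

```python
import re

# Constructed sample lines in a hypothetical "conn=<id> user=<u> sql=<stmt>" audit format.
SAMPLE_LOG = [
    'conn=3 user=app sql=SELECT * FROM INFORMATION_SCHEMA.TABLES',
    'conn=7 user=sa sql=CREATE ALIAS TO_UPPER AS $$ String f(String s) { return s.toUpperCase(); } $$',
    'conn=9 user=sa sql=create/**/alias\tIF NOT EXISTS "helper" deterministic FOR "java.lang.Math.sqrt"',
    "conn=3 user=app sql=SELECT 'how to CREATE ALIAS' FROM DUAL",
    'conn=3 user=app sql=DROP ALIAS TO_UPPER',
]

_BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.S)
_LINE_COMMENT = re.compile(r"--[^\n]*")
# H2 grammar: CREATE ALIAS [IF NOT EXISTS] name [DETERMINISTIC] [NOBUFFER] {FOR class | AS source}
_CREATE_ALIAS = re.compile(
    r"\bCREATE\s+ALIAS\s+(?:IF\s+NOT\s+EXISTS\s+)?"
    r"(?P<name>\"[^\"]+\"|[\w.]+)"
    r"(?:\s+(?:DETERMINISTIC|NOBUFFER))*\s+(?P<kind>FOR|AS)\b",
    re.I,
)

def normalise(sql):
    """Replace SQL comments with spaces and collapse whitespace so padded keywords still match."""
    sql = _BLOCK_COMMENT.sub(" ", sql)
    sql = _LINE_COMMENT.sub(" ", sql)
    return re.sub(r"\s+", " ", sql).strip()

def classify(sql):
    """Return alias name and definition kind for a CREATE ALIAS statement, else None."""
    m = _CREATE_ALIAS.search(normalise(sql))
    if not m:
        return None
    # AS carries Java source compiled by H2; FOR binds an existing class method.
    kind = "inline-java-source" if m.group("kind").upper() == "AS" else "class-binding"
    return {"alias": m.group("name").strip('"'), "kind": kind}

def scan(lines):
    """Collect CREATE ALIAS findings, tagged with the connection id when present."""
    findings = []
    for line in lines:
        meta, _, sql = line.partition(" sql=")
        hit = classify(sql)
        if hit:
            conn = re.search(r"conn=(\d+)", meta)
            hit["conn"] = conn.group(1) if conn else None
            findings.append(hit)
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Comment stripping here is deliberately naive and ignores string-literal boundaries, so a statement that merely quotes a full alias definition inside a literal can still be flagged; for alerting that bias is usually acceptable.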
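CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |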
Atlassian
CVE-2018-10054: RCE (Remote Code Execution) com.h2database:h2 Dependency in Bamboo Data Center and Server
vendor_atlassian·2024-01-16·CVSS 2.0
CVE: CVE-2018-10054
Severity: HIGH
Affected products: Bamboo Data Center
GHSA
Improper Input Validation in Datomic
ghsa·2022-05-13
CVE-2018-10054 [HIGH] CWE-20 Improper Input Validation in Datomic
H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code.
OSV
Improper Input Validation in Datomic
osv·2022-05-13
CVE-2018-10054 [HIGH] Improper Input Validation in Datomic
References
- http://blog.datomic.com/2018/03/important-security-update.html
- https://forum.datomic.com/t/important-security-update-0-9-5697/379
- https://github.com/h2database/h2database/issues/1225
- https://github.com/h2database/h2database/issues/1808#issuecomment-599203115
- https://github.com/h2database/h2database/issues/3099
- https://lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e%40%3Cuser.ignite.apache.org%3E
- https://lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540%40%3Ccommits.nifi.apache.org%3E
- https://mthbernardes.github.io/rce/2018/03/14/abusing-h2-database-alias.html
- https://security.netapp.com/advisory/ntap-20240719-0003/
- https://www.exploit-db.com/exploits/44422/
Published: 2018-04-11