CVE-2021-42392 — Deserialization of Untrusted Data in Oracle Communications Cloud Native Core Console

CWE-502 — Deserialization of Untrusted Data CWE-88 — Argument Injection20 documents10 sources

Severity

9.8CRITICALNVD

EPSS

91.0%

top 0.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

H2database H2 Debian H2database Debian Linux +2 more

Timeline

PublishedJan 10

Latest updateJun 28

Description

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDh2database/h21.1.100 — 2.0.206+1

▶debiandebian/h2database< h2database 2.1.210-1 (bookworm)

▶NVDoracle/communications_cloud_native_core_console1.9.0

▶NVDoracle/communications_cloud_native_core_policy1.15.0

Also affects: Debian Linux 10.0, 11.0, 9.0

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

OSV

h2database vulnerabilities↗2022-04-05

▶

OSV

Arbitrary code execution in H2 Console↗2022-01-21

▶

GHSA

Arbitrary code execution in H2 Console↗2022-01-21

▶

OSV

CVE-2022-23221: H2 Console before 2↗2022-01-19

▶

OSV

CVE-2021-42392: The org↗2022-01-10

▶

📋Vendor Advisories

Ubuntu

H2 vulnerabilities↗2024-06-13

▶

Oracle

Oracle Oracle Communications Risk Matrix: Policy (H2) — CVE-2021-42392↗2022-04-15

▶

Ubuntu

H2 vulnerabilities↗2022-04-05

▶

Red Hat

h2: Loading of custom classes from remote servers through JNDI↗2022-01-19

▶

Red Hat

h2: Remote Code Execution in Console↗2022-01-04

▶

🕵️Threat Intelligence

Talos

Threat Source Newsletter (Jan. 20, 2022)↗2022-01-20

▶

Sentinelone

Log4j One Month On | Crimeware and Exploitation Roundup↗2022-01-10

▶

Sentinelone

Log4j One Month On | Crimeware and Exploitation Roundup↗2022-01-10

▶

📄Research Papers

arXiv

SBOM.EXE: Countering Dynamic Code Injection based on Software Bill of Materials in Java↗2024-06-28

▶