/

cve-2021-42392 Report - Details, Severity, & Advisorie...

cve-2021-42392 Report - Details, Severity, & Advisories

Twingate Team

Jul 4, 2024

What is CVE-2021-42392?

CVE-2021-42392 is a critical vulnerability affecting the H2 database, an open-source Java SQL database. With a severity score of 9.8, this vulnerability allows for unauthenticated remote code execution (RCE) in systems using H2 database versions from 1.1.000 up to 2.0.204, Debian Linux 9.0, 10.0, and 11.0, and Oracle Communications Cloud Native Core Policy 1.15.0. The vulnerability is exploited through various attack vectors, most notably the H2 Console, and is related to the same root cause as the Log4Shell vulnerability in Apache Log4j (JNDI remote class loading).

Who is impacted by this?

CVE-2021-42392 affects users of the H2 database and its org.h2.util.JdbcUtils.getConnection method, as well as users of the H2 Console. This vulnerability impacts H2 database versions from 1.1.000 up to 2.0.204, Debian Linux 9.0, 10.0, and 11.0, and Oracle Communications Cloud Native Core Policy 1.15.0. It allows for unauthenticated remote code execution, posing a significant risk to affected systems.

What to do if cve-2021-42392 affected you

If you're affected by the CVE-2021-42392 vulnerability, it's crucial to take immediate action to secure your systems. Here's a simplified list of steps to follow:

  1. Upgrade the H2 database to version 2.0.206 or higher.

  2. Upgrade your Java (JRE/JDK) version to enable the trustURLCodebase mitigation.

  3. Add a security constraint to the H2 console Servlet when deployed on a web server.

  4. Monitor for any suspicious activity on the H2 console and related systems.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2021-42392 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This critical vulnerability affects the H2 database and allows for unauthenticated remote code execution.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-502, which involves deserialization of untrusted data in the H2 database, leading to remote code execution.

Learn More

For a comprehensive understanding of this vulnerability, its severity, technical details, and affected software configurations, refer to the NVD page and the sources listed below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

cve-2021-42392 Report - Details, Severity, & Advisorie...

cve-2021-42392 Report - Details, Severity, & Advisories

Twingate Team

Jul 4, 2024

What is CVE-2021-42392?

CVE-2021-42392 is a critical vulnerability affecting the H2 database, an open-source Java SQL database. With a severity score of 9.8, this vulnerability allows for unauthenticated remote code execution (RCE) in systems using H2 database versions from 1.1.000 up to 2.0.204, Debian Linux 9.0, 10.0, and 11.0, and Oracle Communications Cloud Native Core Policy 1.15.0. The vulnerability is exploited through various attack vectors, most notably the H2 Console, and is related to the same root cause as the Log4Shell vulnerability in Apache Log4j (JNDI remote class loading).

Who is impacted by this?

CVE-2021-42392 affects users of the H2 database and its org.h2.util.JdbcUtils.getConnection method, as well as users of the H2 Console. This vulnerability impacts H2 database versions from 1.1.000 up to 2.0.204, Debian Linux 9.0, 10.0, and 11.0, and Oracle Communications Cloud Native Core Policy 1.15.0. It allows for unauthenticated remote code execution, posing a significant risk to affected systems.

What to do if cve-2021-42392 affected you

If you're affected by the CVE-2021-42392 vulnerability, it's crucial to take immediate action to secure your systems. Here's a simplified list of steps to follow:

  1. Upgrade the H2 database to version 2.0.206 or higher.

  2. Upgrade your Java (JRE/JDK) version to enable the trustURLCodebase mitigation.

  3. Add a security constraint to the H2 console Servlet when deployed on a web server.

  4. Monitor for any suspicious activity on the H2 console and related systems.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2021-42392 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This critical vulnerability affects the H2 database and allows for unauthenticated remote code execution.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-502, which involves deserialization of untrusted data in the H2 database, leading to remote code execution.

Learn More

For a comprehensive understanding of this vulnerability, its severity, technical details, and affected software configurations, refer to the NVD page and the sources listed below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

cve-2021-42392 Report - Details, Severity, & Advisories

Twingate Team

Jul 4, 2024

What is CVE-2021-42392?

CVE-2021-42392 is a critical vulnerability affecting the H2 database, an open-source Java SQL database. With a severity score of 9.8, this vulnerability allows for unauthenticated remote code execution (RCE) in systems using H2 database versions from 1.1.000 up to 2.0.204, Debian Linux 9.0, 10.0, and 11.0, and Oracle Communications Cloud Native Core Policy 1.15.0. The vulnerability is exploited through various attack vectors, most notably the H2 Console, and is related to the same root cause as the Log4Shell vulnerability in Apache Log4j (JNDI remote class loading).

Who is impacted by this?

CVE-2021-42392 affects users of the H2 database and its org.h2.util.JdbcUtils.getConnection method, as well as users of the H2 Console. This vulnerability impacts H2 database versions from 1.1.000 up to 2.0.204, Debian Linux 9.0, 10.0, and 11.0, and Oracle Communications Cloud Native Core Policy 1.15.0. It allows for unauthenticated remote code execution, posing a significant risk to affected systems.

What to do if cve-2021-42392 affected you

If you're affected by the CVE-2021-42392 vulnerability, it's crucial to take immediate action to secure your systems. Here's a simplified list of steps to follow:

  1. Upgrade the H2 database to version 2.0.206 or higher.

  2. Upgrade your Java (JRE/JDK) version to enable the trustURLCodebase mitigation.

  3. Add a security constraint to the H2 console Servlet when deployed on a web server.

  4. Monitor for any suspicious activity on the H2 console and related systems.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2021-42392 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This critical vulnerability affects the H2 database and allows for unauthenticated remote code execution.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-502, which involves deserialization of untrusted data in the H2 database, leading to remote code execution.

Learn More

For a comprehensive understanding of this vulnerability, its severity, technical details, and affected software configurations, refer to the NVD page and the sources listed below.