ID CVE-2022-45868
Summary The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states "This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that." Nonetheless, the issue was fixed in 2.2.220.
Vulnerable Configurations
  • cpe:2.3:a:h2database:h2:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.0.60:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.0.61:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.0.62:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.0.63:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.0.64:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.0.65:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.0.66:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.0.67:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.0.68:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.0.69:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.0.70:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.0.71:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.0.72:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.0.73:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.0.74:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.0.75:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.1.101:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.1.102:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.1.103:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.1.104:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.1.105:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.1.106:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.1.107:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.1.108:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.1.109:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.1.110:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.1.111:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.1.112:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.1.113:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.1.114:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.1.115:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.1.116:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.1.117:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.1.118:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.1.119:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.2.120:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.2.121:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.2.122:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.2.123:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.2.124:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.2.125:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.2.126:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.2.127:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.2.128:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.2.129:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.2.130:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.2.131:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.2.132:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.2.133:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.2.134:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.2.135:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.2.136:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.2.137:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.2.138:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.2.139:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.2.140:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.2.141:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.2.142:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.2.143:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.2.144:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.2.145:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.2.147:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.146:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.146:beta:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.148:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.148:beta:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.149:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.149:beta:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.150:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.150:beta:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.151:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.151:beta:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.152:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.152:beta:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.153:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.154:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.155:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.156:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.157:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.158:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.159:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.160:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.161:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.162:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.163:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.164:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.165:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.166:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.167:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.168:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.169:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.170:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.171:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.172:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.173:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.174:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.3.175:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.4.177:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.4.178:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.4.181:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.4.182:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.4.183:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.4.184:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.4.185:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.4.186:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.4.187:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.4.188:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.4.190:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.4.191:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.4.192:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.4.193:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.4.194:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.4.195:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.4.196:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.4.197:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.4.198:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.4.199:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:1.4.200:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:2.0.202:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:2.0.204:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:2.0.206:*:*:*:*:*:*:*
  • cpe:2.3:a:h2database:h2:2.1.210:*:*:*:*:*:*:*
CVSS
Base: None
CWE CWE-312
CAPEC
  • Retrieve Embedded Sensitive Data
    An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.
Last major update 11-04-2024 - 01:17
Published 23-11-2022 - 21:15
Last modified 11-04-2024 - 01:17