CVE STALKER

CVE-2021-42392

CVSS
DESCRIPTIONThe org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.
HEAT SCORE340

WORDS

TWEETS

DATE TWEETS USER
2022-04-13 09:11:02@marcsavy Check out CVE-2022-23221 and CVE-2021-42392!lukaseder
2022-04-05 16:40:11🔥 PatrowlHears Alert: CVE-2021-42392 CVSS: 10.0 / CTI Score: 85 / Exploit: 1 The org.h2.util.JdbcUtils.getConnectio… https://t.co/4pJKhPluGu https://twitter.com/i/web/status/1511383161049133059patrowl_io
2022-03-17 18:30:50New post from https://t.co/9KYxtdZjkl (CVE-2021-42392 (debian_linux, h2)) has been published on https://t.co/NYz4Pgkd18 http://www.sesin.at https://www.sesin.at/2022/03/17/cve-2021-42392-debian_linux-h2/www_sesin_at
2022-03-17 18:30:29New post from https://t.co/uXvPWJy6tj (CVE-2021-42392 (debian_linux, h2)) has been published on https://t.co/qoC8jbJaOB http://www.sesin.at https://www.sesin.at/2022/03/17/cve-2021-42392-debian_linux-h2/WolfgangSesin
2022-03-17 17:23:30🚨 NEW: CVE-2021-42392 🚨 The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the c… https://t.co/tzn3QCbu11 https://twitter.com/i/web/status/1504506154331873298threatintelctr
2022-02-23 13:50:17H2 Database JNDI Lookup RCE (CVE-2021-42392) https://t.co/bkOr3QZGDY #Nessus https://www.tenable.com/plugins/nessus/158252SecurityNewsbot
2022-02-23 08:21:32H2 Database JNDI Lookup RCE (CVE-2021-42392) https://t.co/egKORBwAuJ https://ift.tt/LSbGv7Xcc_cyberdefence
2022-02-16 16:51:39🚨 NEW: CVE-2021-42392 🚨 The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the c… https://t.co/MKqet5W4Ae https://twitter.com/i/web/status/1493989422152536070threatintelctr
2022-02-15 08:20:12IT Risk: Debian.h2databaseに複数の脆弱性 リモートコードの実行 不正アクセスを受ける https://t.co/7Q4zgCqRGI CVE-2021-42392 CVE-2022-23221 https://lists.debian.org/debian-lts-announce/2022/02/msg00017.htmlmanagement_sun
2022-02-15 02:50:11🚨 NEW: CVE-2021-42392 🚨 The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the c… https://t.co/70kvtZTxrI https://twitter.com/i/web/status/1493415574948532224threatintelctr
2022-02-06 22:40:08CVE-2021-42392 Unauthenticated RCE in H2 Database Console. This issue has the sa... https://t.co/AaOEYlm6Xx Cust… https://t.co/ggM4pGuafM http://vulmon.com/vulnerabilitydetails?qid=CVE-2021-42392 https://twitter.com/i/web/status/1490453093221339144VulmonFeeds
2022-01-20 22:12:57.@FortiGuardLabs Threat Signal Report: Remote Code Execution in H2 Console JNDI - (CVE-2021-42392):… https://t.co/P0ML1tDr3t https://twitter.com/i/web/status/1484286411440377858FortiMisti1
2022-01-20 07:20:54🚨 NEW: CVE-2021-42392 🚨 The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the c… https://t.co/nxWhiX92ku https://twitter.com/i/web/status/1484061435227701248threatintelctr
2022-01-20 03:20:09🚨 NEW: CVE-2021-42392 🚨 The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the c… https://t.co/MDbEBPZya4 https://twitter.com/i/web/status/1484001036813713409threatintelctr
2022-01-19 16:51:04.@FortiGuardLabs Threat Signal Report: Remote Code Execution in H2 Console JNDI - (CVE-2021-42392):… https://t.co/JIu2zrzy5Q https://twitter.com/i/web/status/1483843278420295684ChrisRobertsSec
2022-01-19 15:42:25New post from https://t.co/9KYxtdZjkl (CVE-2021-42392 (h2)) has been published on https://t.co/kiqyPpLryy http://www.sesin.at https://www.sesin.at/2022/01/19/cve-2021-42392-h2/www_sesin_at
2022-01-19 15:42:16New post from https://t.co/uXvPWJy6tj (CVE-2021-42392 (h2)) has been published on https://t.co/6J5XVDOYA7 http://www.sesin.at https://www.sesin.at/2022/01/19/cve-2021-42392-h2/WolfgangSesin
2022-01-19 15:30:15Another unauthenticated RCE vuln in the H2 Database console: CVE-2021-42392. Fixed in v2.1.210+. PoC: jdbc:h2:mem:… https://t.co/gbqxBtW1fx https://twitter.com/i/web/status/1483823884046643208d0nkey_man
2022-01-19 15:20:45🚨 NEW: CVE-2021-42392 🚨 The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the c… https://t.co/ninrLydh1g https://twitter.com/i/web/status/1483819845070344193threatintelctr
2022-01-19 14:50:14🚨 NEW: CVE-2021-42392 🚨 The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the c… https://t.co/cgdQbdXHaX https://twitter.com/i/web/status/1483812293473607683threatintelctr
2022-01-14 17:31:25One night, CVE-2021-42392 wished upon a star, and today that wish has been granted. It now has a name, like a real,… https://t.co/pq5eDl9OMn https://twitter.com/i/web/status/1482039043391119363vulnonym
2022-01-14 06:10:36Researchers have found a new Log4Shell-like critical RCE vulnerability (CVE-2021-42392) in the H2 Database Console,… https://t.co/exiZe4bv4K https://twitter.com/i/web/status/1481871138380726275steiner254
2022-01-14 03:21:23H2 Databaseのコンソールにリモートコード実行可能な脆弱性(CVE-2021-42392) https://t.co/nkqZtw6xrc Javaオープンソースデータベース「H2 Database」のコンソールでリモー… https://t.co/j8Y2ymFFwo https://a-zs.net/javasql_dbh2_vulnerability/ https://twitter.com/i/web/status/1481826854097289218A_zs_Blog
2022-01-13 12:30:07.@FortiGuardLabs Threat Signal Report: Remote Code Execution in H2 Console JNDI - (CVE-2021-42392):… https://t.co/nsbcmBALYg https://twitter.com/i/web/status/1481602743009689601artur_t0rres
2022-01-13 08:52:25Researchers have found a new Log4Shell-like critical RCE vulnerability (CVE-2021-42392) in the H2 Database Console,… https://t.co/Fkg5TslF1Z https://twitter.com/i/web/status/1481547410300338187SparkzSolutions
2022-01-12 17:52:41🚨 NEW: CVE-2021-42392 🚨 The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the c… https://t.co/SYyvfdAa5z https://twitter.com/i/web/status/1481320889769775104threatintelctr
2022-01-12 12:00:09To protect yourself from the bug CVE-2021-42392: 🔹 Upgrade H2 to version 2.0.206 if you have apps using H2 Databas… https://t.co/znmHvEtDR9 https://twitter.com/i/web/status/1481234511509794818NakedSecurity
2022-01-12 11:10:44CVE-2021-42392 - H2 Database Engine / H2 database - RCE - https://t.co/BX6ZNNEqIX https://www.redpacketsecurity.com/cve-2021-42392-h2-database-engine-h2-database-rce/RedPacketSec
2022-01-12 01:40:16.@FortiGuardLabs Threat Signal Report: Remote Code Execution in H2 Console JNDI - (CVE-2021-42392):… https://t.co/onwrbm79tQ https://twitter.com/i/web/status/1481077651347582977mdfaridulalam
2022-01-12 01:20:15.@FortiGuardLabs Threat Signal Report: Remote Code Execution in H2 Console JNDI - (CVE-2021-42392):… https://t.co/Ai7d9B3Q8u https://twitter.com/i/web/status/1481071991641845760gabrielauyong
2022-01-11 23:31:15#FortiGuardLabs Threat Signal Report: Remote Code Execution in H2 Console JNDI - (CVE-2021-42392):… https://t.co/q7wgMyDJIS https://twitter.com/i/web/status/1481044507852431370FortiGuardLabs
2022-01-11 22:14:02CVE-2021-42392-Detect https://t.co/3KV25RfW0E #Pentesting #CyberSecurity #Infosec https://t.co/qXTgGwRcF8 https://github.com/cybersecurityworks553/CVE-2021-42392-Detectptracesecurity
2022-01-11 18:11:13https://t.co/QYbarqQCJK CVE-2021-42392, which is currently awaiting National Vulnerability Database analysis, d… https://t.co/NuPh3RVHl3 https://www.csoonline.com/article/3646416/new-log4shell-like-vulnerability-impacts-h2-java-sql-database.html https://twitter.com/i/web/status/1480963786395717633eagerbeavertech
2022-01-11 06:12:12"RT @TheHackersNews: Researchers have found a new #Log4Shell-like critical RCE #vulnerability (CVE-2021-42392) in t… https://t.co/eiByUkNuQz https://twitter.com/i/web/status/1480782225809494017trip_elix
2022-01-11 05:50:41Log4Shell-Like RCE Vulnerability Found on H2 Database Console (CVE-2021-42392). https://t.co/5EJABmqoiP https://github.com/cybersecurityworks553/CVE-2021-42392-Detectpratikmahale007
2022-01-11 01:30:05@pyn3rd 你好,我想请问一下 CVE-2021-42392和log4j没有关系的吧?(我看到jfrog的文章写了有关系🥲)Daiwei_David
2022-01-10 18:54:23New post from https://t.co/9KYxtdZjkl (CVE-2021-42392) has been published on https://t.co/6s2POlAJDe http://www.sesin.at https://www.sesin.at/2022/01/10/cve-2021-42392/www_sesin_at
2022-01-10 18:54:04New post from https://t.co/uXvPWJy6tj (CVE-2021-42392) has been published on https://t.co/XO6pVZJeWe http://www.sesin.at https://www.sesin.at/2022/01/10/cve-2021-42392/WolfgangSesin
2022-01-10 18:21:03@GHSecurityLab making some impact in H2DB's JNDI vulnerability CVE-2021-42392. Shouldn't the GHSA advisory have CVE… https://t.co/zpfKLR2W5R https://twitter.com/i/web/status/1480603521644961792vijaycert
2022-01-10 14:20:08Another JNDI issue. CVE-2021-42392 Might say is not as widely spread, but the challenge again will be to find whic… https://t.co/WqPgeUbsJO https://twitter.com/i/web/status/1480543405277024256hmier
2022-01-10 14:20:06here we go again... check your products documentation if are using H2 DB CVE-2021-42392 "....uses the H2 database… https://t.co/IK3ecKencO https://twitter.com/i/web/status/1480544427361853440hmier
2022-01-10 10:10:05Anyone else testing/ looking out for CVE-2021-42392? I sure am. #BugBountyalph4byt3
2022-01-10 06:30:09Exploit for CVE-2021-42392 https://t.co/juHd6Iy3Tb #Exploit #Sploitus https://sploitus.com/exploit?id=A12F5BFB-38CA-5221-9B3F-EA21C2BDF1C8sploitus_com
2022-01-09 15:10:19CVE-2021-42392 https://t.co/rGZTGE4xW6 #HarsiaInfo https://har-sia.info/CVE-2021-42392.htmlHar_sia
2022-01-09 14:50:06H2-Datenbank Sicherheitslücke, ähnlich der Log4j Schwachstelle, entdeckt. CVE-2021-42392 soll jedoch lediglich die… https://t.co/gfyJrBsF1o https://twitter.com/i/web/status/1480188180456513537jee_giu
2022-01-09 08:41:23Researchers disclosed a critical RCE flaw(CVE-2021-42392) in the H2 open-source Java SQL database which is similar… https://t.co/326Fq3VDzf https://twitter.com/i/web/status/1480094707837403136Cybersec4u2
2022-01-09 01:40:05Researchers have found a new #Log4Shell-like critical RCE #Vulnerability (CVE-2021-42392) in the H2 database consol… https://t.co/UmE4sitDhp https://twitter.com/i/web/status/1479990803023937539AnonymCov2
2022-01-08 20:40:11「CVE-2021-42392として追跡されたこの欠陥により、攻撃者は脆弱なシステムでリモートコードを実行できる可能性があります。幸いなことに、Log4Jの問題とは異なり、それほど広範囲に及ぶべきではありません」 https://t.co/lNuw8zctxA https://twitter.com/foxbook/status/1479914010992652289foxbook
2022-01-08 18:10:05https://t.co/r02KeuL0bZ Unlike Log4Shell, the CVE-2021-42392 bug can't be triggered simply by emebdding booby-t… https://t.co/0JBcgvieoo https://nakedsecurity.sophos.com/2022/01/07/log4shell-like-security-hole-found-in-popular-java-sql-database-engine-h2/ https://twitter.com/i/web/status/1479876740906303494eagerbeavertech
2022-01-08 16:40:04@kurtseifried @jfrog Also in MITRE's web CVE-2021-42392 has a "date record created" of 2021-10-14. Does that mean i… https://t.co/BOmZdLBJ6g https://twitter.com/i/web/status/1479854490719240198Vicen_Herrera
2022-01-08 16:00:05#FortiGuardLabs Threat Signal Report: Remote Code Execution in H2 Console JNDI - (CVE-2021-42392):… https://t.co/zqHnh7m4aa https://twitter.com/i/web/status/1479845354770206721FortiGuardLabs
2022-01-08 15:10:05CVE-2021-42392 https://t.co/rGZTGE4xW6 #HarsiaInfo https://har-sia.info/CVE-2021-42392.htmlHar_sia
2022-01-08 14:10:05Top 3 trending CVEs on Twitter Past 24 hrs: CVE-2021-42392: 341.1K (audience size) CVE-2021-38000: 182.6K CVE-2021… https://t.co/Z4bAKcJlco https://twitter.com/i/web/status/1479815160743305219CVEtrends
2022-01-08 13:10:04What you need to know about CVE-2021-42392 https://t.co/qN6kzXi92O #log4shell http://www.mastertheboss.com/jbossas/jboss-datasource/what-you-need-to-know-about-cve-2021-42392/?utm_source=feedly&utm_medium=rss&utm_campaign=what-you-need-to-know-about-cve-2021-42392fpientka
2022-01-08 09:00:05Hacking Life: RCE en consola de BBDD H2 (CVE-2021-42392) - https://t.co/AT8CcM2P54 https://hackinglife2021.blogspot.com/2022/01/rce-en-consola-de-bbdd-h2-cve-2021-42392.html?m=1txambe
2022-01-08 06:40:29H2 データベースコンソールにおける未認証のリモートコード実行の脆弱性(CVE-2021-42392)が確認 https://t.co/5Jw7ixC6KY https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42392A_zs_Blog
2022-01-08 06:30:04Nach Log4Shell zum Jahresende startet 2022 mit CVE-2021-42392. Ich bin gespannt wie oft wir dieses Jahr noch JNDI i… https://t.co/pFNuGsZiZZ https://twitter.com/i/web/status/1479701891982442502Schubi97
2022-01-08 05:40:03CVE-2021-42392か。今回はそんな騒がれへんやろratto_
2022-01-07 23:50:54CVE-2021-42392 The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name… https://t.co/4h7oKi5p0S https://twitter.com/i/web/status/1479600088578154506CVEnew
2022-01-07 23:30:05CVE-2021-42392 : The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class na… https://t.co/o6oOiK1KAA https://twitter.com/i/web/status/1479595421597147136CVEreport
2022-01-07 21:30:05「CVE-2021-42392は、National Vulnerability Database(NVD)でまだ正式に公開されていませんが、JFrogによると、人気のあるH2 JavaSQLデータベースのコンソールに影響を与えます」 https://t.co/fMsE6qRCer https://twitter.com/foxbook/status/1479564247688486915foxbook
2022-01-07 19:10:34In a blog post, the company said that CVE-2021-42392 should not be as widespread as Log4Shell, even though it is a… https://t.co/7kj3MzOo05 https://twitter.com/i/web/status/1479528276850794497BluefinPayments
2022-01-07 18:51:24Vulnerabilidad crítica en la consola de Bases de Datos H2 (Java) ▶️ Ejecución Remota de Código (RCE) CVE-2021-42392… https://t.co/xfvUFqoes9 https://twitter.com/i/web/status/1479523629864034308elhackernet
2022-01-07 18:50:11Researchers have found a new Log4Shell-like critical RCE vulnerability (CVE-2021-42392) in the H2 Database Console,… https://t.co/7FOH8CGujs https://twitter.com/i/web/status/1479525402322227201NandanLohitaksh
2022-01-07 18:00:19🚨 Investigadores de @jfrog han encontrado una nueva vulnerabilidad RCE crítica similar a Log4Shell (CVE-2021-42392)… https://t.co/zB74flpFp6 https://twitter.com/i/web/status/1479512667677147138jpcarsi
2022-01-07 17:00:16The #JNDI Strikes Back – Unauthenticated #RCE in H2 Database Console #CVE-2021-42392 #Apache #Log4j (JNDI remote cl… https://t.co/MshbXKvHuG https://twitter.com/i/web/status/1479496641862324227misaelban
2022-01-07 16:20:21Researchers have found a new Log4Shell-like critical RCE vulnerability (CVE-2021-42392) in the H2 Database Console,… https://t.co/1qgIeuluKz https://twitter.com/i/web/status/1479486095091974144ksg93rd
2022-01-07 15:10:39CVE-2021-42392 https://t.co/rGZTGE4xW6 #HarsiaInfo https://har-sia.info/CVE-2021-42392.htmlHar_sia
2022-01-07 14:50:27Varsel: 🟠Høj risiko (Orange)🟠 CVE-2021-42392 JFrog H2 minder på mange måder om Log4J sårbarheden 😱 https://t.co/ZEvncA80ap https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/DCIS_SUND
2022-01-07 14:10:28Top 3 trending CVEs on Twitter Past 24 hrs: CVE-2021-42392: 1.5M (audience size) CVE-2021-44228: 584.7K CVE-2021-4… https://t.co/oK8MpBSGhD https://twitter.com/i/web/status/1479452774815444997CVEtrends
2022-01-07 14:10:23Researchers have found a new #Log4Shell-like critical RCE #vulnerability (CVE-2021-42392) in the H2 Database Consol… https://t.co/Z8piAM46QE https://twitter.com/i/web/status/1479454021748465670unix_root
2022-01-07 13:00:22Researchers have found a new #Log4Shell-like critical RCE #vulnerability (CVE-2021-42392) in the H2 Database Consol… https://t.co/L1VaXlcc1i https://twitter.com/i/web/status/1479436153422028804security_wang
2022-01-07 12:40:19@Lesend_im_Apfel So Regional ist der gar nicht aber wahrscheinlich CVE-2021-42392 wenn dir das weiterhilft. 😘Schmitt_13
2022-01-07 12:10:10CVE-2021-42392 Unauthenticated RCE in H2 Database Console. This issue has the sa... https://t.co/AaOEYlm6Xx Vuln… https://t.co/aLSvuwB9Lp http://vulmon.com/vulnerabilitydetails?qid=CVE-2021-42392 https://twitter.com/i/web/status/1479424251765698560VulmonFeeds
2022-01-07 12:00:11Researchers have found a new #Log4Shell-like critical RCE #vulnerability (CVE-2021-42392) in the H2 Database Consol… https://t.co/yh8OEDx9j1 https://twitter.com/i/web/status/1479420802340560898unix_root
2022-01-07 11:10:12Researchers have found a new Log4Shell-like critical RCE vulnerability (CVE-2021-42392) in the H2 Database Console,… https://t.co/jWHA8kJ7ZC https://twitter.com/i/web/status/1479408128714231815AlirezaGhahrood
2022-01-07 11:00:19Researchers have found a new #Log4Shell-like critical RCE #vulnerability (CVE-2021-42392) in the H2 Database Consol… https://t.co/5PL338NCnU https://twitter.com/i/web/status/1479405702682611713Swati_THN
2022-01-07 11:00:07Critical unauthenticated RCE #vulnerability (CVE-2021-42392) in the H2 Database Console. https://t.co/mAoVZRTAoC #infosec #CyberSecurity https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/?utm_campaign=Log4j&utm_content=004atglxq0kpxz6&utm_medium=social&utm_source=twitterShadoWhisper1
2022-01-07 09:50:27"Researchers have found a new #Log4Shell-like critical RCE #vulnerability (CVE-2021-42392) in the H2 Database Conso… https://t.co/vkFd6YuRwg https://twitter.com/i/web/status/1479388052632047620trip_elix
2022-01-07 09:50:20Researchers have found a new #Log4Shell-like critical RCE #vulnerability (CVE-2021-42392) in the H2 Database Consol… https://t.co/lmKNdZqu1l https://twitter.com/i/web/status/1479388274145771520FreddyNt2301
2022-01-07 09:41:29Researchers have found a new #Log4Shell-like critical RCE #vulnerability (CVE-2021-42392) in the H2 Database Consol… https://t.co/SsXIPAMYEL https://twitter.com/i/web/status/1479385593029165061TheHackersNews
2022-01-07 09:40:27Researchers have found a new #Log4Shell-like critical RCE #vulnerability (CVE-2021-42392) in the H2 Database Consol… https://t.co/1IfjMA7ARO https://twitter.com/i/web/status/1479386418078093314YourAnonRiots
2022-01-06 20:30:25See the latest CVE discovered by the JFrog Security Research team on the H2 database console – CVE-2021-42392. This… https://t.co/4LWkQfnUyJ https://twitter.com/i/web/status/1479186262770827270jfrog