CVE-2022-45868 - Information Exposure
Severity: None
2023-02-17
Abstract
The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments.
The Oxygen products incorporate H2 Database as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.
Affected Products/Versions
Product | Severity | Fixed Release Availability |
Oxygen XML Web Author v25.0.0.2 and older | None | N/A |
Oxygen License Server v25.0 and older | None | N/A |
Detail
CVE-2022-45868
Severity: High
CVSS Score: 7.8
The version of the H2 Database third-party library used by Oxygen XML products is one of the affected versions listed in the CVE-2022-45868 vulnerability description. However, the Oxygen products do not start the library with the -webAdminPassword argument. For that reason, Oxygen XML products are not affected by this vulnerability.
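To check on a Linux host that no running process was started with -webAdminPassword, the following added example (not part of the advisory, nor Oxygen or H2 code) scans process argument lists for the flag and reports matches with the password value redacted. The function names, the `/proc` layout assumption, and the sample command lines are constructed for illustration.

```python
import os

FLAG = "-webAdminPassword"  # the H2 CLI argument named in CVE-2022-45868

def parse_cmdline(raw: bytes) -> list[str]:
    """Split a /proc/<pid>/cmdline blob (NUL-separated argv) into arguments."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]

def find_exposed(procs: dict[int, list[str]]) -> list[dict]:
    """Return one finding per process whose argv carries the flag (value redacted)."""
    findings = []
    for pid, argv in sorted(procs.items()):
        for i, arg in enumerate(argv):
            if arg == FLAG:
                redacted = list(argv)
                has_value = i + 1 < len(argv)
                if has_value:
                    redacted[i + 1] = "<redacted>"  # never copy the secret into reports
                findings.append({"pid": pid, "argv": redacted, "has_value": has_value})
                break
    return findings

def read_proc(root: str = "/proc") -> dict[int, list[str]]:
    """Collect argv for every process visible under /proc (Linux only)."""
    procs = {}
    for name in os.listdir(root):
        if not name.isdigit():
            continue
        try:
            with open(os.path.join(root, name, "cmdline"), "rb") as fh:
                procs[int(name)] = parse_cmdline(fh.read())
        except OSError:
            continue  # process exited or is not readable by this user
    return procs

# Constructed sample data: not real hosts, processes, or credentials.
SAMPLE = {
    101: parse_cmdline(b"java\0-cp\0h2.jar\0org.h2.tools.Server\0-web\0"
                       b"-webAdminPassword\0example-secret\0"),
    102: parse_cmdline(b"java\0-cp\0h2.jar\0org.h2.tools.Server\0-web\0"),
}

if __name__ == "__main__":
    procs = read_proc() if os.path.isdir("/proc") else SAMPLE
    for f in find_exposed(procs):
        print(f"PID {f['pid']}: {' '.join(f['argv'])}")
```

An empty result means no currently running process visible to the invoking user carries the flag; it says nothing about processes that have already exited.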