How severe is CVE-2022-45868?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2022-45868?

This is classified as CWE-312, which is a common weakness in software security.

CVE-2022-45868 - HIGH Severity | CVSS 7.8

Vulnerability Description

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states "This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that." Nonetheless, the issue was fixed in 2.2.220.

Related Vulnerabilities

CVE-2008-6828

HIGH

CVSS:7.8(High)

Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of t...

CWE-3122008

CVE-2017-1309

HIGH

CVSS:7.8(High)

IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 125463.

CWE-3122017

CVE-2018-12572

HIGH

CVSS:7.8(High)

Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the...

CWE-3122018

CVE-2018-1877

HIGH

CVSS:7.8(High)

IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. IBM X-Force ID: 151713...

CWE-3122018

CVE-2018-19009

HIGH

CVSS:7.8(High)

Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in c...

CWE-3122018

CVE-2019-10453

HIGH

CVSS:7.8(High)

Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

CWE-3122019