CVE-2022-45868 - Information Exposure

Severity: None2023-02-17

Security Advisories


The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments.

The Oxygen products incorporate H2 Database as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

ProductSeverityFixed Release Availability
Oxygen XML Web Author v25.0.0.2 and olderNone N/A
Oxygen License Server v25.0 and olderNone N/A





Severity: High

CVSS Score: 7.8

The H2 Database third-party library used by Oxygen XML products is an affected version mentioned in CVE-2022-45868 vulnerability description. However, the Oxygen products does not start the library with -webAdminPassword argument. For that reason, Oxygen XML products are not affected by this vulnerability

List of Security Advisories