Summary & Key Actions Required
At present we are continuing to analyze CVE-2022-23221 which we became aware of on 21st January 2022 and currently has an unrated CVSS score and could have impact on the software component H2 Console. We will update this article if more information becomes available and will highlight if our recommendations or plans change.
- No action is required at this time.
Related security articles:
Please see this article for more information: https://nvd.nist.gov/vuln/detail/CVE-2022-23221
Impact to Avantra
We have completed our investigations and analysis around this CVE but will update this article if more information is available.
While all current versions of the Avantra Agent (< 21.11.4) use an affected version of com.h2database:h2, this vulnerability affects a specific use case of this software component that we do not make use of in the Avantra Agent.
Please check back to this page regularly and we will update this article with our findings and recommendations.
Impact on our customers
No action is required at this time.
Customers concerned about this CVE should update to Avantra 21.11.5 or higher which includes an updated version of this component to mitigate the CVE.
|31st Mar @ 14:00 CET
|Updated with Avantra release containing patch (21.11.5)
|21st Jan @ 18:00 CET
|Initial Notice Published
We, at Avantra, take the security of our software and our customers very seriously and it is our top priority. We will keep you up to date as more information becomes available and encourage customers to subscribe to the security section of our forum to get proactive updates as we post them.