Security Announcement on CVE-2021-42392

We will update this announcement with new details as they emerge from our analysis. Please check back periodically.

Last update: 02 April 2024, 09:00 AM CET

CVE-2021-42392 is a security vulnerability rated 9.8.

It affects H2, an open-source software that is required as a third-party component for the operation of our products.

Under certain circumstances, potential attackers can access sensitive data by using remote code execution.

After further investigation we can confirm, that there is no active or possible attack vector for our product lines. The update of below components will take place during our standard security patch cycles with normal priority.

Further official information on this can be found at the National Institute of Standards and Technology.


You can find the hotfixes in our Serviceportal via 'Software > Version > Release Info'.

Enter DB-7982 in the search field to find all hotfixes related to this security warning.

Version 11.0

No hotfixes required.

Version 10.10

  • Microsoft Teams Services: pending

  • Office 365 Services: pending

  • enaio® repository-manager: pending

  • enaio® coLab: pending


No hotfixes required.


You will receive the hotfixes as usual via our e-mail distribution list. You can find the list of hotfixes that have already been deployed in the developer documentation.

Version 2023 Winter LTS

  • office-for-the-web/yuuvis-momentum-provider-client: pending