Security Announcement on CVE-2021-42392

We will update this announcement with new details as they emerge from our analysis. Please check back periodically.

Last update: 02 April 2024, 09:00 AM CET

CVE-2021-42392 is a security vulnerability rated 9.8.

It affects H2, an open-source software that is required as a third-party component for the operation of our products.

Under certain circumstances, potential attackers can access sensitive data by using remote code execution.

After further investigation we can confirm, that there is no active or possible attack vector for our product lines. The update of below components will take place during our standard security patch cycles with normal priority.

Further official information on this can be found at the National Institute of Standards and Technology.

enaio®

You can find the hotfixes in our Serviceportal via 'Software > Version > Release Info'.

Enter DB-7982 in the search field to find all hotfixes related to this security warning.

Version 11.0

No hotfixes required.

Version 10.10

Microsoft Teams Services: pending
Office 365 Services: pending
enaio® repository-manager: pending
enaio® coLab: pending

yuuvis®-RAD

No hotfixes required.

yuuvis®-Momentum

You will receive the hotfixes as usual via our e-mail distribution list. You can find the list of hotfixes that have already been deployed in the developer documentation.

Version 2023 Winter LTS

office-for-the-web/yuuvis-momentum-provider-client: pending

Navigation

Navigate through the help pages using the table of contents on the left. If it is not displayed when the window width is small, you can temporarily show it via the hamburger menu on the right.

Use the arrows on the toolbar to navigate to the next/previous page.

You can show hidden areas. Use the toolbar to show all hidden areas at once:

Clicking the product icon in the header returns you to the beginning of the current area. Use the toolbar to access the initial page: