CVE-2024-8862

Summary

CVE-2024-8862 is a critical vulnerability affecting h2oai h2o-3 version 3.46.0.4, specifically in the JDBC Connection Handler's getConnectionSafe function, which allows for remote deserialization attacks via manipulated query arguments. The vulnerability has low attack complexity and does not require authentication or user interaction, posing significant risks to the confidentiality, integrity, and availability of affected systems with a CVSS score of 9.8. Organizations using this software should apply available patches or mitigate exposure by restricting access to the vulnerable components to prevent potential exploitation. As the vendor has not responded to disclosure attempts, organizations are advised to monitor for any public exploits related to this vulnerability. Failure to address this issue could lead to unauthorized access and control over sensitive data or system functionalities.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.