
CVE-2021-23463: H2 Database XXE Injection Vulnerability

CVE-2021-23463 is an XML External Entity injection flaw in H2 Database that enables attackers to exploit the JdbcSQLXML class. This article covers technical details, affected versions, security impact, and mitigation.

Updated: May 16, 2026

CVE-2021-23463 Overview

CVE-2021-23463 is an XML External Entity (XXE) Injection vulnerability [CWE-611] affecting the com.h2database:h2 package from version 1.4.198 up to but not including 2.0.202. The flaw resides in the org.h2.jdbc.JdbcSQLXML class object when it receives parsed string data from the org.h2.jdbc.JdbcResultSet.getSQLXML() method. Invoking getSource() with DOMSource.class as the parameter triggers the vulnerability. Attackers can exploit the issue to read arbitrary files, perform Server-Side Request Forgery (SSRF), or cause denial of service against applications that process untrusted SQLXML data through H2.

Critical Impact

Remote attackers can exfiltrate sensitive files and disrupt service availability on Java applications using vulnerable H2 versions to handle SQLXML content.

Affected Products

  • H2 Database Engine com.h2database:h2 versions 1.4.198 through 2.0.201
  • Oracle products bundling H2 (see Oracle Critical Patch Update April 2022)
  • NetApp products bundling H2 (see NetApp Security Advisory NTAP-20230818-0010)

Discovery Timeline

  • 2021-12-10 - CVE-2021-23463 published to the National Vulnerability Database (NVD)
  • 2024-11-21 - Last updated in the NVD

Technical Details for CVE-2021-23463

Vulnerability Analysis

The vulnerability stems from unsafe XML parsing in the H2 JDBC driver. When an application calls JdbcResultSet.getSQLXML(), H2 returns a JdbcSQLXML object holding the raw XML string from the database. Calling JdbcSQLXML.getSource(DOMSource.class) on that object triggers DOM parsing of the XML content without disabling external entity resolution.

Because the underlying XML parser accepts DOCTYPE declarations and external entity references, an attacker who controls the XML payload can declare entities that resolve to local files or remote URLs. The parser dereferences those entities during processing, exposing file contents or initiating outbound requests from the database server's JVM.

Exploitation requires that an application reads attacker-influenced XML data from an H2 column and converts it via getSource(DOMSource.class). The network attack vector applies wherever attacker-controlled XML can reach this code path, including web applications that store user input in H2 SQLXML columns.

Root Cause

The JdbcSQLXML implementation constructs a DocumentBuilder without calling setFeature("http://apache.org/xml/features/disallow-doctype-decl", true) or disabling external general and parameter entities. This configuration leaves the parser in its default, insecure state, satisfying the conditions for [CWE-611] Improper Restriction of XML External Entity Reference.

Attack Vector

An attacker supplies an XML payload containing an external entity such as <!ENTITY xxe SYSTEM "file:///etc/passwd"> and arranges for the target application to retrieve that payload through JdbcResultSet.getSQLXML() and process it with getSource(DOMSource.class). The resolved entity value is returned in the parsed DOM, allowing the attacker to read local files, probe internal network services, or trigger resource exhaustion. The fix in version 2.0.202 disables DTD processing and external entities in the SQLXML parser. See the H2 GitHub Pull Request #3199 and commit d83285fd for the remediation details.

Detection Methods for CVE-2021-23463

Indicators of Compromise

  • Outbound DNS or HTTP requests originating from the JVM running H2 to unexpected external hosts, indicating XXE entity resolution.
  • XML payloads in database columns or application logs containing <!DOCTYPE declarations or SYSTEM entity references.
  • Unexpected file reads of sensitive paths such as /etc/passwd, C:\Windows\win.ini, or application configuration files by the H2 process.

Detection Strategies

  • Inventory Java dependencies for com.h2database:h2 versions between 1.4.198 and 2.0.201 using Software Composition Analysis (SCA) tools.
  • Review application source code for calls to JdbcResultSet.getSQLXML() followed by getSource(DOMSource.class) on untrusted data.
  • Inspect network egress from database hosts for anomalous outbound connections triggered by XML parsing.

Monitoring Recommendations

  • Alert on JVM processes performing file system reads outside their normal working directory.
  • Monitor for DNS lookups to attacker-controlled domains originating from application servers running H2.
  • Capture and review SQL queries that insert XML content into, or retrieve it from, SQLXML columns, looking for malicious DOCTYPE markup.

How to Mitigate CVE-2021-23463

Immediate Actions Required

  • Upgrade com.h2database:h2 to version 2.0.202 or later across all build artifacts and runtime environments.
  • Audit application code paths that invoke JdbcResultSet.getSQLXML().getSource(DOMSource.class) on data originating from untrusted sources.
  • Apply vendor patches from Oracle Critical Patch Update April 2022 and the NetApp NTAP-20230818-0010 advisory for bundled products.

Patch Information

The maintainers fixed the issue in H2 version 2.0.202 by hardening the XML parser configuration in JdbcSQLXML. The patch is documented in H2 GitHub Issue #3195, Pull Request #3199, and the Snyk Vulnerability Report. Downstream vendors should consult the Oracle Security Alert and NetApp Security Advisory for product-specific fixes.

Workarounds

  • Avoid calling getSource(DOMSource.class) on SQLXML data from H2; use getString() and parse the XML with a hardened parser that disables DTDs and external entities.
  • Configure a custom DocumentBuilderFactory with setFeature("http://apache.org/xml/features/disallow-doctype-decl", true) and disable external general and parameter entities before processing untrusted XML.
  • Restrict outbound network access from database and application hosts to limit SSRF and data exfiltration if exploitation occurs.
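A hardened replacement for the getSource(DOMSource.class) path, added here to illustrate the root cause described under Technical Details and the first two workarounds above; it is not H2's code or the project's patch. The class and method names (SafeSqlXml, hardenedBuilder, parseUntrusted, readXmlColumn) and the two sample XML strings are constructed for this example.

```java
import java.io.StringReader;
import java.sql.ResultSet;
import java.sql.SQLXML;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

public final class SafeSqlXml {
    /** Hardened JAXP parser: no DOCTYPE, no external entities, no external DTD or schema access. */
    static DocumentBuilder hardenedBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        DocumentBuilder b = f.newDocumentBuilder();
        // Last line of defence: any entity lookup that still happens resolves to an empty stream.
        b.setEntityResolver((publicId, systemId) -> new InputSource(new StringReader("")));
        return b;
    }

    /** Parses XML text with the hardened builder; a DOCTYPE raises SAXParseException instead of being resolved. */
    static Document parseUntrusted(String xml) throws Exception {
        return hardenedBuilder().parse(new InputSource(new StringReader(xml)));
    }

    /** Workaround path for CVE-2021-23463: read the column as text, never via getSource(DOMSource.class). */
    static Document readXmlColumn(ResultSet rs, String column) throws Exception {
        SQLXML value = rs.getSQLXML(column);
        return value == null ? null : parseUntrusted(value.getString());
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs; the second carries the DOCTYPE/SYSTEM entity shape the advisory describes.
        String benign = "<note><to>ops</to></note>";
        String hostile = "<!DOCTYPE d [<!ENTITY xxe SYSTEM \"file:///etc/passwd\">]><note>&xxe;</note>";
        System.out.println("benign root: " + parseUntrusted(benign).getDocumentElement().getTagName());
        try {
            parseUntrusted(hostile);
            System.out.println("UNEXPECTED: DOCTYPE accepted");
        } catch (SAXParseException e) {
            System.out.println("rejected as expected: " + e.getMessage());
        }
    }
}
```

With the default JDK (Xerces-based) parser the hostile input fails at the DOCTYPE declaration, so the entity is never dereferenced and no file read or outbound request occurs.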
```bash
# Update Maven dependency to the patched version
# In pom.xml:
# <dependency>
#   <groupId>com.h2database</groupId>
#   <artifactId>h2</artifactId>
#   <version>2.0.202</version>
# </dependency>

mvn versions:use-dep-version -Dincludes=com.h2database:h2 -DdepVersion=2.0.202 -DforceVersion=true
mvn clean verify
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Vulnerability Details

  • Type: XXE
  • Vendor/Tech: H2database
  • Severity: CRITICAL
  • CVSS Score: 9.1
  • EPSS Probability: 0.77%
  • Known Exploited: No
  • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Impact Assessment

  • Confidentiality: Low
  • Integrity: None
  • Availability: High

CWE References

  • CWE-611

Technical References

  • GitHub Commit Update
  • NetApp Security Advisory
  • Oracle Security Alert April 2022

Vendor Resources

  • GitHub Issue #3195
  • GitHub Pull Request #3199
  • Snyk Vulnerability Report

Related CVEs

  • CVE-2022-23221: H2 Database H2 Console RCE Vulnerability
  • CVE-2021-42392: H2 Database RCE Vulnerability Explained