CVE-2021-42392 vulnerability impacts only H2 databases which are actively using the Web Console and enabled remote access. By default, H2 Console is not enabled and doesn’t accept remote connections. However, in order to enable the H2 console, the administrator must explicitly load it. Also, it’s not possible to access the In-Memory Database Console from another process, unless you start a TCP server in the same process as the database was opened. So, the severity and impact are deemed low for SV.
Furthermore, H2 should be used only for experimental/demo/development purposes. If they are using it in production, please ask them to move to other standard databases.