Lucene search

GitHub Advisory DatabaseGHSA-XPRW-XVVM-VQMV

HistoryMay 17, 2022 - 12:29 a.m.

Improper Access Control in Apache Derby

2022-05-1700:29:52

CWE-284

GitHub Advisory Database

github.com

apache derby

improper access control

export processing

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

59.2%

JSON

In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file.

Affected configurations

Vulners

Node

org.apache.derbyderbyRange10.1.2.1–10.4.1.3

VendorProductVersionCPE
org.apache.derbyderby*cpe:2.3:a:org.apache.derby:derby:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
org.apache.derby	derby	*	cpe:2.3:a:org.apache.derby:derby::::::::

References

db.apache.org/derby/releases/release-10.6.2.1.html#Note+for+DERBY-2925

github.com/advisories/GHSA-xprw-xvvm-vqmv

issues.apache.org/jira/browse/DERBY-2925

nvd.nist.gov/vuln/detail/CVE-2010-2232

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

59.2%

JSON

Related for GHSA-XPRW-XVVM-VQMV