Information Disclosure
Apache Derby is vulnerable to information disclosure. The attack exists due to a flaw in the password hash generation algorithm in the BUILTIN authentication functionality which leads to generation of small password search space allowing easy password cracking...