8 matches found
CVE-2022-46337
CVE-2022-46337 affects Apache Derby; a specially crafted username can bypass LDAP authentication checks. In LDAP-authenticated Derby installations this lets an attacker fill the disk with junk Derby databases and execute malware visible to, and runnable by, the account that booted the Derby server; in LDAP-protected databases that are not also protected by SQL GRANT/REVOKE authorization, it also allows viewing and corrupting sensitive data. IBM...
CVE-2015-1832
CVE-2015-1832 is an XXE vulnerability in the XmlVTI/XML datatype handling of Derby’s SqlXmlUtil, present in Apache Derby before 10.12.1.1 and exploitable when no Java Security Manager is in place. Context-dependent attackers could read arbitrary files or cause resource exhaustion (DoS) via Xml...
CVE-2018-1313
CVE-2018-1313 affects Apache Derby 10.3.1.4 through 10.14.1.0. A specially crafted Derby Network Server network packet can cause the server to boot a database whose location and contents are under the attacker’s control if the server is not running under a Java Security Manager; with a permissive default Network Server...
CVE-2009-4269
CVE-2009-4269 affects Apache Derby BUILTIN authentication. The password hash generation transforms the password before passing it to SHA-1 in a way that shrinks the set of possible hash inputs, so an attacker looking for any string that hashes to the stored value (password substitution) has a much smaller space to search, making password cracking easier. Affected versions are Derby releases before 10.6.1.0; remediation is to upgr...
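The following is an added example, not Derby's algorithm and not code from the Derby project, that makes the "reduced input space" point measurable. It uses a deliberately lossy pre-hash transform invented for the illustration (keep the low four bits of each character) and counts how many distinct SHA-1 digests remain reachable from all two-character passwords over a 62-symbol alphabet, then shows a brute-force cracker recovering a substitute password that collides with the victim's.

```python
import hashlib
import itertools
import string

ALPHABET = string.ascii_letters + string.digits   # 62 symbols

def identity(password: str) -> bytes:
    """No pre-hash transformation: SHA-1 sees the password bytes as typed."""
    return password.encode("utf-8")

def low_nibble_transform(password: str) -> bytes:
    """Hypothetical lossy pre-hash step, constructed for this example:
    keep only the low 4 bits of each character, so the 62 alphabet
    symbols collapse onto 16 values. Not Derby's actual transformation."""
    return bytes(ord(ch) & 0x0F for ch in password)

def hash_password(password: str, transform) -> str:
    return hashlib.sha1(transform(password)).hexdigest()

def distinct_hashes(length: int, transform, alphabet: str = ALPHABET) -> int:
    """Count distinct SHA-1 outputs over every password of the given length.
    This is the effective size of the space an attacker has to cover."""
    digests = {hash_password("".join(p), transform)
               for p in itertools.product(alphabet, repeat=length)}
    return len(digests)

def crack(target_hex: str, length: int, transform, alphabet: str = ALPHABET):
    """Brute-force the first password whose transformed SHA-1 equals the
    target. Returns (password, candidates_tried); the password found need
    not be the original one, any colliding substitute logs in."""
    tried = 0
    for p in itertools.product(alphabet, repeat=length):
        tried += 1
        candidate = "".join(p)
        if hash_password(candidate, transform) == target_hex:
            return candidate, tried
    return None, tried

if __name__ == "__main__":
    print("distinct digests, plain SHA-1:", distinct_hashes(2, identity))
    print("distinct digests, lossy transform:", distinct_hashes(2, low_nibble_transform))
    victim = "Zq"
    print("substitute for", victim, "->", crack(hash_password(victim, low_nibble_transform), 2, low_nibble_transform))
```

Over two-character passwords the untransformed scheme yields 3844 distinct digests (one per password), while the lossy transform leaves only 256, so a quarter of a percent of the passwords already exhaust every hash the system can store. Because the transform is many-to-one, the cracker does not need the victim's real password: for `Zq` it stops at `ja`, whose characters share the same low nibbles, after far fewer guesses than the exact match takes with the identity transform.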
CVE-2010-2232
CVE-2010-2232 (Apache Derby) is a flaw in export processing affecting Derby versions 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3. A remote attacker could abuse the export functionality to overwrite an existing file on the server. This is documented across multiple sources (NVD entry and related advisories) and ...
CVE-2005-4849
Apache Derby vulnerability CVE-2005-4849 affects Derby prior to 10.1.2.1. The issue exposes the (1) user and (2) password attributes in cleartext via the RDBNAM parameter of the ACCSEC command and via the output of DatabaseMetaData.getURL, enabling context-dependent attackers to obtain sensitive ...
CVE-2006-7217
CVE-2006-7217 affects Apache Derby prior to 10.2.1.6. The vulnerability arises because the DropSchemaNode bind phase does not correctly enforce schema privilege requirements, allowing remote authenticated users to execute arbitrary DROP SCHEMA statements when SQL authorization mode is in effect. ...
CVE-2006-7216
CVE-2006-7216 affects Apache Derby prior to 10.2.1.6. The vulnerability arises because Derby does not determine privilege requirements for lock table statements at compilation time, and therefore does not enforce privilege checks at execution time. This allows remote authenticated users to lock a...