Apache Derby is vulnerable to information disclosure. A context-dependent attacker is able to retrieve the cleartext user and password attributes are exposed via the RDBNAM
parameter of the ACCSEC
command and the output of the DatabaseMetaData.getURL
function.
CPE | Name | Operator | Version |
---|---|---|---|
apache derby database engine and embedded jdbc driver | eq | 10.1.1.0 | |
apache derby client jdbc driver | eq | 10.1.1.0 |