org.apache.derby:derby (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.apache.derby:derby, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2022-46337 — CVSS 9.8 (critical): A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker…
CVE-2015-1832 — CVSS 9.1 (critical): XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in…
CVE-2010-2232 — CVSS 7.5 (high): In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file.
CVE-2018-1313 — CVSS 5.3 (medium): In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a…
CVE-2005-4849 — CVSS 5.0 (medium): Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC…
CVE-2006-7217 — CVSS 4.0 (medium): Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote…
CVE-2009-4269 — CVSS 2.1 (low): The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a…