
CVE-2022-46337 – Apache Derby: LDAP injection vulnerability in authenticator
https://notcve.org/view.php?id=CVE-2022-46337
20 Nov 2023 — A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was visible to and executable by the account which booted the Derby server. In LDAP-protected databases which weren't also protected by SQL GRANT/REVOKE authorization, this vulnerability could also let an attacker view ...
• https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVE-2018-1313
https://notcve.org/view.php?id=CVE-2018-1313
07 May 2018 — In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is successful. If the server is using a policy file, the policy file must permit the database location to be read for the attack to work. The default Derby Network Server policy file distributed with the affected rele...
• https://github.com/tafamace/CVE-2018-1313

CVE-2015-1832
https://notcve.org/view.php?id=CVE-2015-1832
03 Oct 2016 — XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype. XXE vulnerability in the SqlXmlUtil code in Apache Derby in versions prior to 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read ...
• http://www-01.ibm.com/support/docview.wss?uid=swg21990100
• CWE-399: Resource Management Errors
• CWE-611: Improper Restriction of XML External Entity Reference