Skip to main content

Derby

2 CVEs product

Monthly

CVE-2018-1313 Maven MEDIUM PATCH This Month

In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Java Apache Information Disclosure Derby Weblogic Server
NVD
CVSS 3.1
5.3
EPSS
4.5%
CVE-2015-1832 Maven CRITICAL PATCH Act Now

XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service XXE Java Apache Derby
NVD
CVSS 3.0
9.1
EPSS
0.8%
EPSS 5% CVSS 5.3
MEDIUM PATCH This Month

In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Java Apache Information Disclosure +2
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service XXE Java +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy