cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-46337,https://securityvulnerability.io/vulnerability/CVE-2022-46337,Apache Derby: LDAP injection vulnerability in authenticator,"A carefully crafted username can exploit a vulnerability in LDAP authentication checks in Apache Derby. This flaw allows an attacker to create excessive Derby databases, potentially exhausting disk space. Furthermore, with proper privileges, the attacker could execute malicious code linked to the Derby server account. If the LDAP-protected database lacks strong SQL authorization controls, it opens pathways for unauthorized access, enabling attackers to view, manipulate sensitive data, and execute critical database functions. To mitigate this risk, it is advised to upgrade to Java 21 and Derby 10.17.1.0 or consider building a custom Derby distribution based on earlier versions with applied fixes.",Apache,Apache Derby,9.8,CRITICAL,0.006899999920278788,false,,false,false,false,,,false,false,,2023-11-20T08:49:38.619Z,0
CVE-2018-1313,https://securityvulnerability.io/vulnerability/CVE-2018-1313,,"In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is successful. If the server is using a policy file, the policy file must permit the database location to be read for the attack to work. The default Derby Network Server policy file distributed with the affected releases includes a permissive policy as the default Network Server policy, which allows the attack to work.",Apache,Apache Derby,5.3,MEDIUM,0.001180000021122396,false,,false,false,true,2018-11-19T12:38:21.000Z,true,false,false,,2018-05-07T13:29:00.000Z,0
CVE-2010-2232,https://securityvulnerability.io/vulnerability/CVE-2010-2232,,"In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file.",Apache,Apache Derby,7.5,HIGH,0.0014799999771639705,false,,false,false,false,,,false,false,,2017-10-23T13:00:00.000Z,0