10.1.3.1

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

apache

NVD

Published: 2007-07-05

Updated: 2024-11-21

Summary

Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Derby 10.1.1.0 Apache Derby 10.1.3.1 Apache Derby 10.1.2.1	3

References

http://db.apache.org/derby/releases/release-10.2.1.6.html
http://issues.apache.org/jira/browse/DERBY-1708
http://db.apache.org/derby/releases/release-10.2.1.6.html
http://issues.apache.org/jira/browse/DERBY-1708