Vulnerabilities > Apache > Derby > 10.2.1.6

DATE CVE VULNERABILITY TITLE RISK
2023-11-20 CVE-2022-46337 Injection vulnerability in Apache Derby
A cleverly devised username might bypass LDAP authentication checks.
network
low complexity
apache CWE-74
critical
9.8
2016-10-03 CVE-2015-1832 XXE vulnerability in Apache Derby
XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype.
network
low complexity
apache CWE-611
critical
9.1
2010-08-16 CVE-2009-4269 Cryptographic Issues vulnerability in Apache Derby
The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
local
low complexity
apache CWE-310
2.1