CVE-2006-7217 – org.apache.derby:derby
Package
Manager: maven
Name: org.apache.derby:derby
Vulnerable Version: >=0 <10.2.1.6
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:R
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00445 (percentile 0.6254)
Details
Apache Derby SQL Injection
Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
Metadata
Created: 2022-05-01T07:45:41Z
Modified: 2024-02-12T16:48:29Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v7cq-pq7v-mh5v/GHSA-v7cq-pq7v-mh5v.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-v7cq-pq7v-mh5v
Finding: F297
Auto approve: 1