CVE-2005-4849

Severity: 5.0 MEDIUM
EPSS: 2.6% (top 14.25%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 31
Latest update: May 1

Description

Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

Maven: org.apache.derby:derby < 10.1.2.1
NVD: apache/derby 10.1.1.0

🔴 Vulnerability Details (3)

OSV: Apache Derby exposes user and password attributes (2022-05-01)
GHSA: Apache Derby exposes user and password attributes (2022-05-01)
CVEList: CVE-2005-4849: Apache Derby before 10 (2007-07-05)

📋 Vendor Advisories (1)

Debian: CVE-2005-4849: derby - Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in... (2005)