CVE-2010-2232

Severity
7.5 HIGH
EPSS
1.7%
top 17.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 23
Latest update: May 17

Description

In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

Maven | org.apache.derby:derby | 10.1.2.1 | 10.4.2.0
NVD | apache/derby | 4 versions +3
CVEListV5 | apache_software_foundation/apache_derby | 10.1.2.1, 10.2.2.0, 10.3.1.4, 10.4.1.3

Patches

🔴Vulnerability Details

3
GHSA
Improper Access Control in Apache Derby | 2022-05-17
OSV
Improper Access Control in Apache Derby | 2022-05-17
CVEList
CVE-2010-2232: In Apache Derby 10 | 2017-10-23

💥Exploits & PoCs

1
Exploit-DB
South River Technologies WebDrive Service 9.02 build 2232 - Bad Security Descriptor Privilege Escalation | 2010-01-26

📋Vendor Advisories

2
Red Hat
derby: SYSCS_EXPORT_TABLE can be used to overwrite derby files | 2017-10-23
Debian
CVE-2010-2232: derby - In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing ma... | 2010

💬Community

1
Bugzilla
CVE-2010-2232 derby: SYSCS_EXPORT_TABLE can be used to overwrite derby files | 2017-11-10