CVE-2010-2232

HIGH

Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, 10.4.1.3 - Arbitrary File Overwrite via Export Processing

Title source: llm
STIX 2.1

Description

In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file.

References (3)

Core 3
Core References
Patch, Release Notes, Vendor Advisory x_refsource_confirm
https://issues.apache.org/jira/browse/DERBY-2925
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/101562
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
http://db.apache.org/derby/releases/release-10.6.2.1.html#Note+for+DERBY-2925

Scores

CVSS v3 7.5
EPSS 0.0167
EPSS Percentile 82.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-284
Status published
Products (6)
apache/derby 10.1.2.1
apache/derby 10.2.2.0
apache/derby 10.3.1.4
apache/derby 10.4.1.3
Apache Software Foundation/Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, 10.4.1.3
org.apache.derby/derby 10.1.2.1 - 10.4.2.0Maven
Published Oct 23, 2017
Tracked Since Feb 18, 2026