Description
Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
Remediation
References
http://db.apache.org/derby/releases/release-10.1.2.1.html
http://issues.apache.org/jira/browse/DERBY-530
http://issues.apache.org/jira/browse/DERBY-559
Related Vulnerabilities
CVE-2021-45105 Vulnerability in maven package org.apache.logging.log4j:log4j-core
CVE-2023-41049 Vulnerability in npm package @dcl/single-sign-on-client
CVE-2022-41934 Vulnerability in maven package org.xwiki.platform:xwiki-platform-menu-ui
CVE-2021-23639 Vulnerability in npm package md-to-pdf
CVE-2020-7746 Vulnerability in maven package org.webjars.bower:chart.js