Description
Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
Remediation
References
http://db.apache.org/derby/releases/release-10.1.2.1.html
http://issues.apache.org/jira/browse/DERBY-530
http://issues.apache.org/jira/browse/DERBY-559