Description
Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
Remediation
References
http://db.apache.org/derby/releases/release-10.1.2.1.html
http://issues.apache.org/jira/browse/DERBY-530
http://issues.apache.org/jira/browse/DERBY-559
Related Vulnerabilities
CVE-2020-28469 Vulnerability in maven package org.webjars.bowergithub.es128:glob-parent
CVE-2022-2932 Vulnerability in npm package mobiledoc-dom-renderer
CVE-2018-14042 Vulnerability in npm package bootstrap
CVE-2013-6397 Vulnerability in maven package org.apache.solr:solr-velocity
CVE-2018-1272 Vulnerability in maven package org.springframework:spring-webmvc