products / apache_derby

Apache Derby

Apache Derby is a Java embedded RDBMS. NVD tracks it as apache:derby. CVE volume is smaller than server-class databases but passed the minimum non-sentinel threshold at Q2 evaluation.

api usage

Querying Apache Derby

product slugapache_derby

version format10.11.1.1, 10.15.2.0

bash

curl "https://api.attestd.io/v1/check?product=apache_derby&version=10.11.1.1" \
  -H "Authorization: Bearer $ATTESTD_KEY"

Example targets CVE-2015-1832 (XML external entity / SQL injection class issues in older lines). Verify risk_state after synthesis — embedded engines often skew toward local attack vectors.

json

{
  "product": "apache_derby",
  "version": "10.11.1.1",
  "supported": true,
  "risk_state": "high",
  "risk_factors": ["patch_available"],
  "actively_exploited": false,
  "remote_exploitable": false,
  "authentication_required": true,
  "patch_available": true,
  "fixed_version": "10.12.1.2",
  "confidence": 0.75,
  "cve_ids": ["CVE-2015-1832"],
  "last_updated": "2026-04-03T00:00:00Z"
}

cleaner line

Newer release

bash

curl "https://api.attestd.io/v1/check?product=apache_derby&version=10.17.1.0" \
  -H "Authorization: Bearer $ATTESTD_KEY"

notable cves

CVE history

CVE	Description	Affects	CVSS
`CVE-2015-1832`	XML external entity and SQL injection vectors in Derby network server.	before 10.12.1.2	7.5
`CVE-2009-4269`	Insufficient path validation in Derby tools.	10.5 and prior	5.0
`CVE-2018-1313`	Derby network server denial of service.	10.14.x	5.9
`CVE-2016-0739`	Information disclosure via error messages.	10.11–10.12	5.3
`CVE-2010-2232`	Access control weakness in embedded deployment modes.	10.6	4.0

All products SQLite PostgreSQL