CVE-2006-7217
Apache Derby SQL Injection
EPSS 0.51%
Description
Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
How to fix CVE-2006-7217
To remediate CVE-2006-7217, upgrade the affected package to a fixed version below.
- Maven/org.apache.derby:derby: upgrade to 10.2.1.6 or later
Is CVE-2006-7217 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Maven/org.apache.derby:derby: from 0, < 10.2.1.6