Yip Ng

**Name of the Vulnerable Software and Affected Versions** Apache Derby versions prior to 10.2.1.6 **Description** The issue allows remote authenticated users to lock arbitrary tables due to the lack of privilege requirement determination for lock table statements at compilation time, and consequently, the lack of enforcement of these requirements at execution time. **Recommendations** For versions prior to 10.2.1.6, update to version 10.2.1.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apache Derby versions prior to 10.2.1.6 **Description** The issue allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode due to a failure in determining schema privilege requirements during the DropSchemaNode bind phase. **Recommendations** For versions prior to 10.2.1.6, update to version 10.2.1.6 or later to resolve the issue.