CVE-2015-1832

Name of the Vulnerable Software and Affected Versions: Apache Derby versions prior to 10.12.1.1

Description: The issue is related to an XML external entity (XXE) vulnerability in the SqlXmlUtil code. This vulnerability can be exploited by context-dependent attackers to read arbitrary files or cause a denial of service through vectors involving XmlVTI and the XML datatype, but only when a Java Security Manager is not in place.

Recommendations: For Apache Derby versions prior to 10.12.1.1, update to version 10.12.1.1 or later to resolve the issue. As a temporary workaround, consider enabling a Java Security Manager to restrict the actions of the attacker.