Lucene search

[email protected]NVD:CVE-2022-45930

HistoryNov 27, 2022 - 3:15 a.m.

CVE-2022-45930

2022-11-2703:15:10

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

opendaylight

aaa

security issue

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

30.5%

JSON

A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface.

Affected configurations

NVD

Node

linuxfoundationopendaylightMatch0.15.0

linuxfoundationopendaylightMatch0.15.6

linuxfoundationopendaylightMatch0.16.0

linuxfoundationopendaylightMatch0.16.4

References

git.opendaylight.org/gerrit/c/aaa/+/103242

jira.opendaylight.org/browse/AAA-240

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

30.5%

JSON

Related for NVD:CVE-2022-45930

prion1 redhatcve1 cvelist1 cve1