Lucene search
K

232 matches found

CNNVD
CNNVD
added 2022/11/27 12:0 a.m.6 views

OpenDaylight SQL注入漏洞

OpenDaylight ODL is an open source SDN controller from OpenDaylight Open Source. A security vulnerability exists in versions of OpenDaylight ODL prior to 0.16.5, which originates in its aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java component in the /auth/ v1/user...

7.5CVSS7.1AI score0.00543EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/27 12:0 a.m.3 views

OpenDaylight SQL注入漏洞

OpenDaylight ODL is an open source SDN controller from OpenDaylight Open Source. A security vulnerability exists in versions of OpenDaylight ODL prior to 0.16.5, which stems from its aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java component in the /auth...

7.5CVSS7.1AI score0.00687EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/11/27 12:0 a.m.6 views

CVE-2022-45930

A SQL injection issue was discovered in AAA in OpenDaylight ODL before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface...

8AI score0.00687EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/11/27 12:0 a.m.8 views

CVE-2022-45931

A SQL injection issue was discovered in AAA in OpenDaylight ODL before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used...

8AI score0.00543EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/27 12:0 a.m.33 views

CVE-2022-45932

A SQL injection issue was discovered in AAA in OpenDaylight ODL before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used...

8.2AI score0.00599EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/11/27 12:0 a.m.6 views

OpenDaylight SQL注入漏洞

OpenDaylight ODL is an open source SDN controller from OpenDaylight Open Source. A security vulnerability exists in versions of OpenDaylight ODL prior to 0.16.5, which originates in its aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java component in the /auth/ v1/role...

7.5CVSS7.1AI score0.00599EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/11/27 12:0 a.m.31 views

CVE-2022-45930

A SQL injection issue was discovered in AAA in OpenDaylight ODL before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface...

8.2AI score0.00687EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/11/27 12:0 a.m.33 views

CVE-2022-45931

A SQL injection issue was discovered in AAA in OpenDaylight ODL before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used...

8.2AI score0.00543EPSS
Exploits0References2
CVE
CVE
added 2022/11/27 12:0 a.m.67 views

CVE-2022-45930

OpenDaylight ODL prior to 0.16.5 is affected by a SQL injection in the AAA domain management path. Specifically, the deleteDomain function in DomainStore.java (aaa-idm-store-h2) handles /auth/v1/domains/ in a way that can allow arbitrary SQL execution. This is caused by the SQL construction/handl...

7.5CVSS7.9AI score0.00687EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/11/27 12:0 a.m.70 views

CVE-2022-45932

OpenDaylight (ODL) AAA component contains a SQL injection in the deleteRole path of RoleStore.deleteRole, exploitable via the /auth/v1/roles/ API. Affects ODL versions prior to 0.16.5. The vulnerability can allow a malicious user to execute arbitrary SQL against the backend database. Remediation:...

7.5CVSS7.9AI score0.00599EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/11/27 12:0 a.m.78 views

CVE-2022-45931

Summary: CVE-2022-45931 affects the AAA component in OpenDaylight (ODL) prior to 0.16.5. The vulnerability resides in the deleteUser function of UserStore.java within aaa-idm-store-h2, exploitable via the /auth/v1/users/ API interface. The issue is a SQL injection that could allow a malicious use...

7.5CVSS7.9AI score0.00543EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/05/17 2:50 a.m.4 views

GHSA-49WF-927P-JPVJ OpenFlow plugin for OpenDaylight allows spoofing the SDN topology

OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to "fake LLDP injection."...

7.5CVSS7.5AI score0.02073EPSS
Exploits0References6
OSV
OSV
added 2022/05/17 2:50 a.m.6 views

GHSA-F2X4-547G-RP95 OpenFlow plugin for OpenDaylight LLDP Relay

OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka "LLDP Relay."...

7.5CVSS7.5AI score0.02073EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/05/17 2:50 a.m.14 views

OpenFlow plugin for OpenDaylight allows spoofing the SDN topology

OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to "fake LLDP injection."...

7.5CVSS7AI score0.02073EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 2:50 a.m.11 views

OpenFlow plugin for OpenDaylight LLDP Relay

OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka "LLDP Relay."...

7.5CVSS7AI score0.02073EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/05/17 2:36 a.m.4 views

GHSA-QM24-4869-99PJ Opendaylight will authenticate any username and password combination

The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination...

9.8CVSS7.2AI score0.02749EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/17 2:36 a.m.11 views

Opendaylight will authenticate any username and password combination

The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination...

9.8CVSS7.3AI score0.02749EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/17 12:12 a.m.13 views

GHSA-4PX2-GQHV-MRC7 Password change doesn't result in Karaf clearing cache

OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared e.g. via restart...

7.5CVSS7.5AI score0.01092EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/17 12:12 a.m.19 views

Password change doesn't result in Karaf clearing cache

OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared e.g. via restart...

7.5CVSS6.9AI score0.01092EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/13 1:41 a.m.15 views

GHSA-GJQ3-997P-HG6F OpenDaylight NULL Pointer Dereference

StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. Controller launches exceptions in the console. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0...

5.3CVSS5.2AI score0.01311EPSS
Exploits1References2
Rows per page
Query Builder