5 matches found
CVE-2025-29314
Insecure Shiro cookie configurations in OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allow attackers to access sensitive information via a man-in-the-middle attack...
CVE-2025-29313
Use of incorrectly resolved name or reference in OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allows attackers to cause a Denial of Service (DoS)...
CVE-2025-29315
An issue in the Shiro-based RBAC (Role-based Access Control) mechanism of OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allows attackers to execute privileged operations via a crafted request...
CVE-2025-29314
CVE-2025-29314 affects OpenDaylight Service Function Chaining (SFC) Sodium-SR4 and earlier. The root cause is insecure Shiro cookie configurations (e.g., _secureCookies=False, _httpOnly=False) that enable a man-in-the-middle to access sensitive data. CVSSv3.1: 8.1 (HIGH) with network attack vecto...
CVE-2025-29315
The CVE describes a Shiro-based RBAC flaw in OpenDaylight SFC Sodium-SR4 and earlier, enabling privilege escalation via a crafted request. Affected component: OpenDaylight SFC (SFC Sodium-SR4 and below); root cause: flaws in Shiro RBAC enforcement allowing privileged operations. Impact (as per CV...