4 matches found
CVE-2022-45931
Summary: CVE-2022-45931 affects the AAA component in OpenDaylight (ODL) prior to 0.16.5. The vulnerability resides in the deleteUser function of UserStore.java within aaa-idm-store-h2, exploitable via the /auth/v1/users/ API interface. The issue is a SQL injection that could allow a malicious use...
CVE-2022-45932
OpenDaylight (ODL) AAA component contains a SQL injection in the deleteRole path of RoleStore.deleteRole, exploitable via the /auth/v1/roles/ API. Affects ODL versions prior to 0.16.5. The vulnerability can allow a malicious user to execute arbitrary SQL against the backend database. Remediation:...
CVE-2022-45930
OpenDaylight (ODL) prior to 0.16.5 is affected by a SQL injection in the AAA domain management path. Specifically, the deleteDomain function in DomainStore.java (aaa-idm-store-h2) handles /auth/v1/domains/ in a way that can allow arbitrary SQL execution. This is caused by the SQL construction/handl...
CVE-2015-1857
CVE-2015-1857 concerns OpenDaylight Helium’s odl-mdsal-apidocs feature, where failure to enforce AAA restrictions enables remote disclosure of sensitive information. Root cause: insufficient authentication/authorization/logging controls. Impact: confidentiality exposure without explicit exploit o...