org.opendaylight.aaa:aaa-idm-store-h2 is vulnerable to SQL injection. A specially crafted statement passed through the deleteUser function in UserStore.java allows a malicious user to inject and execute arbitrary SQL queries on the target system when the /auth/v1/users/ API interface is used.
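
The class of bug described above, as an added example that is not code from the OpenDaylight project: a delete built by string concatenation beside the same delete with a bound parameter. The class, table and column names are assumptions, the sample id is constructed, and running it needs the H2 driver on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.sql.Statement;

// Illustration only: class, table and column names are assumed, not taken from UserStore.java.
public class DeleteUserExample {

    // Vulnerable pattern: the id from the request becomes part of the SQL text,
    // so a quote character in it changes the structure of the statement.
    static int deleteUserConcatenated(Connection conn, String id) throws SQLException {
        try (Statement stmt = conn.createStatement()) {
            return stmt.executeUpdate("DELETE FROM demo_users WHERE userid = '" + id + "'");
        }
    }

    // Hardened pattern: the SQL text is constant and the id is bound as a parameter,
    // so the driver treats it as a value whatever characters it contains.
    static int deleteUserParameterized(Connection conn, String id) throws SQLException {
        String sql = "DELETE FROM demo_users WHERE userid = ?";
        try (PreparedStatement stmt = conn.prepareStatement(sql)) {
            stmt.setString(1, id);
            return stmt.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        // In-memory H2 database, created fresh for this run.
        try (Connection conn = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement ddl = conn.createStatement()) {
                ddl.execute("CREATE TABLE demo_users (userid VARCHAR(128) PRIMARY KEY)");
                ddl.execute("INSERT INTO demo_users VALUES ('alice'), ('o''brien')");
            }
            String id = "o'brien"; // constructed sample id containing a quote
            try {
                deleteUserConcatenated(conn, id);
            } catch (SQLException e) {
                // The quote ended the string literal early, so the rest of the id
                // was parsed as SQL and rejected by the database.
                System.out.println("concatenated: input altered the statement");
            }
            int rows = deleteUserParameterized(conn, id);
            System.out.println("parameterized: deleted " + rows + " row(s)");
        }
    }
}
```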

CPE

Name | Operator | Version |
---|---|---|
aaa-idm-store-h2 | le | 0.16.4 |