org.opendaylight.aaa:aaa-idm-store-h2 is vulnerable to SQL injection. A specially crafted statement passed through the deleteRole function in RoleStore.java allows a malicious user to inject and execute arbitrary SQL queries on the target system when the API interface /auth/v1/roles/ is used.
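How a role id that reaches a DELETE statement as text differs from one bound as a parameter, shown as an added example that is not OpenDaylight AAA code. The ROLES table, its columns, the method names and the sample ids are assumptions made for illustration, and the H2 driver is assumed to be on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// Added illustration, not OpenDaylight AAA code. Table, column and method names are hypothetical.
public class RoleDeleteExample {
    // Vulnerable pattern: the caller-supplied id becomes part of the SQL text.
    static int deleteRoleConcatenated(Connection conn, String roleId) throws SQLException {
        try (Statement st = conn.createStatement()) {
            return st.executeUpdate("DELETE FROM ROLES WHERE ROLEID = '" + roleId + "'");
        }
    }

    // Hardened pattern: the id is bound as a parameter and is only ever compared as data.
    static int deleteRoleParameterized(Connection conn, String roleId) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement("DELETE FROM ROLES WHERE ROLEID = ?")) {
            ps.setString(1, roleId);
            return ps.executeUpdate();
        }
    }

    static int countRoles(Connection conn) throws SQLException {
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery("SELECT COUNT(*) FROM ROLES")) {
            rs.next();
            return rs.getInt(1);
        }
    }

    public static void main(String[] args) throws SQLException {
        // In-memory H2 database populated with constructed rows.
        try (Connection conn = DriverManager.getConnection("jdbc:h2:mem:roles_demo");
             Statement st = conn.createStatement()) {
            st.execute("CREATE TABLE ROLES (ROLEID VARCHAR(128) PRIMARY KEY, NAME VARCHAR(128))");
            st.execute("INSERT INTO ROLES VALUES ('admin@sdn', 'admin'), ('user@sdn', 'user')");
            String crafted = "x' OR '1'='1"; // constructed id that contains SQL syntax
            int safe = deleteRoleParameterized(conn, crafted);
            System.out.println("parameterized: deleted=" + safe + " remaining=" + countRoles(conn));
            int unsafe = deleteRoleConcatenated(conn, crafted);
            System.out.println("concatenated:  deleted=" + unsafe + " remaining=" + countRoles(conn));
        }
    }
}
```

With the bound parameter the crafted id matches no row and the table is unchanged; with concatenation the same string rewrites the WHERE clause and every row is deleted.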
CPE

Name | Operator | Version |
---|---|---|
aaa-idm-store-h2 | le | 0.16.4 |