Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Linuxfoundation Subscribe
Filtered by product Opendaylight
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-45930 1 Linuxfoundation 1 Opendaylight 2022-11-30 N/A 7.5 HIGH
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface.
CVE-2022-45931 1 Linuxfoundation 1 Opendaylight 2022-11-30 N/A 7.5 HIGH
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used.
CVE-2022-45932 1 Linuxfoundation 1 Opendaylight 2022-11-30 N/A 7.5 HIGH
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used.
CVE-2015-1857 1 Linuxfoundation 1 Opendaylight 2021-06-16 5.0 MEDIUM 5.3 MEDIUM
The odl-mdsal-apidocs feature in OpenDaylight Helium allow remote attackers to obtain sensitive information by leveraging missing AAA restrictions.