CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-45930
https://notcve.org/view.php?id=CVE-2022-45930
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface. Se descubrió un problema de inyección SQL en AAA en OpenDaylight (ODL) anterior a 0.16.5. La función aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain se ve afectada para la interfaz API /auth/v1/domains/. • https://git.opendaylight.org/gerrit/c/aaa/+/103242 https://jira.opendaylight.org/browse/AAA-240 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-45932
https://notcve.org/view.php?id=CVE-2022-45932
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used. Se descubrió un problema de inyección SQL en AAA en OpenDaylight (ODL) anterior a 0.16.5. La función aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole se ve afectada cuando se utiliza la interfaz API /auth/v1/roles/. • https://git.opendaylight.org/gerrit/c/aaa/+/103241 https://jira.opendaylight.org/browse/AAA-239 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-45931
https://notcve.org/view.php?id=CVE-2022-45931
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used. Se descubrió un problema de inyección SQL en AAA en OpenDaylight (ODL) anterior a 0.16.5. La función aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser se ve afectada cuando se utiliza la interfaz API /auth/v1/users/. • https://git.opendaylight.org/gerrit/c/aaa/+/103243 https://jira.opendaylight.org/browse/AAA-241 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1857
https://notcve.org/view.php?id=CVE-2015-1857
The odl-mdsal-apidocs feature in OpenDaylight Helium allow remote attackers to obtain sensitive information by leveraging missing AAA restrictions. La característica odl-mdsal-apidocs en OpenDaylight Helium permite que atacantes remotos obtengan información sensible aprovechando la falta de restricciones AAA. • https://cloudrouter.org/security https://git.opendaylight.org/gerrit/#/c/17709 https://wiki.opendaylight.org/view/Security_Advisories • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •