Filtered by vendor Linuxfoundation Subscriptions
Filtered by product Opendaylight Subscriptions
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-37018 1 Linuxfoundation 1 Opendaylight 2024-12-17 9.1 Critical
The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken by discovery packets.
CVE-2022-45932 1 Linuxfoundation 1 Opendaylight 2024-11-21 7.5 High
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used.
CVE-2022-45931 1 Linuxfoundation 1 Opendaylight 2024-11-21 7.5 High
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used.
CVE-2022-45930 1 Linuxfoundation 1 Opendaylight 2024-11-21 7.5 High
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface.
CVE-2015-1857 1 Linuxfoundation 1 Opendaylight 2024-11-21 5.3 Medium
The odl-mdsal-apidocs feature in OpenDaylight Helium allow remote attackers to obtain sensitive information by leveraging missing AAA restrictions.