Published: 20/06/2018 Updated: 09/10/2019

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers can SQL inject the component's database (SQLite) without authenticating to the controller or SDNInterfaceapp. SDNInterface has been deprecated in OpenDayLight since it was last used in the final Carbon series release. In addition to the component not being included in OpenDayLight in newer releases, the SDNInterface component is not packaged in the opendaylight package included in RHEL.

Vulnerable Product	Search on Vulmon	Subscribe to Product
opendaylight sdninterfaceapp

A flaw was found in Opendaylight's SDNInterfaceapp (SDNI) Attackers can SQL inject the component's database (SQLite) without authenticating to the controller or SDNInterfaceapp ...

OpenDaylight suffers from a remote SQL injection vulnerability ...

CWE-89 https://jira.opendaylight.org/browse/SDNINTRFAC-14 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1132 https://www.exploit-db.com/exploits/44747/http://www.securityfocus.com/bid/104238 https://nvd.nist.gov https://packetstormsecurity.com/files/147856/OpenDaylight-SQL-Injection.html https://access.redhat.com/security/cve/cve-2018-1132

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-1132

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect