A SQL injection issue exists in AAA in OpenDaylight (ODL) prior to 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linuxfoundation opendaylight 0.16.0 |
||
linuxfoundation opendaylight 0.16.4 |
||
linuxfoundation opendaylight 0.15.6 |
||
linuxfoundation opendaylight 0.15.0 |