Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2022-45932

Published: 27/11/2022 Updated: 30/11/2022
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Opendaylight

Vulnerability Summary

A SQL injection issue exists in AAA in OpenDaylight (ODL) prior to 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linuxfoundation opendaylight 0.16.0

linuxfoundation opendaylight 0.16.4

linuxfoundation opendaylight 0.15.6

linuxfoundation opendaylight 0.15.0

Vendor Advisories

Red Hat:
DescriptionThe MITRE CVE dictionary describes this issue as: A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0165 The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStorejava deleteRole function is affected when the API interface /auth/v1/roles/ is used ...

References

CWE-89https://jira.opendaylight.org/browse/AAA-239https://git.opendaylight.org/gerrit/c/aaa/+/103241https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2022-45932
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook