Unrated severityNVD Advisory· Published Jun 20, 2018· Updated Aug 5, 2024

CVE-2018-1132

Description

A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers can SQL inject the component's database (SQLite) without authenticating to the controller or SDNInterfaceapp. SDNInterface has been deprecated in OpenDayLight since it was last used in the final Carbon series release. In addition to the component not being included in OpenDayLight in newer releases, the SDNInterface component is not packaged in the opendaylight package included in RHEL.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Opendaylight/Sdninterfaceappinferred2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)

Patches

Vulnerability mechanics

References

www.exploit-db.com/exploits/44747/mitreexploitx_refsource_EXPLOIT-DB
www.securityfocus.com/bid/104238mitrevdb-entryx_refsource_BID
bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
jira.opendaylight.org/browse/SDNINTRFAC-14mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000