CVE-2014-8149
high
CVSS v3: 8.8
CVSS v2: 6.5
VIR risk: 8.8
Description
OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated users to write report data to arbitrary files.
Predictions
Exploit likelihood: 92%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — https://wiki.opendaylight.org/view/Security_Advisories
Vendor advisory: secalert@redhat.com — https://git.opendaylight.org/gerrit/#/c/14088/
Vendor advisory: secalert@redhat.com — https://git.opendaylight.org/gerrit/#/c/13972/
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| opendaylight | defense4all | up to and including 1.1.0 | |
References
- http://www.openwall.com/lists/oss-security/2015/01/22/1
- http://www.securityfocus.com/bid/72280
- https://git.opendaylight.org/gerrit/#/c/13972/
- https://git.opendaylight.org/gerrit/#/c/14088/
- https://wiki.opendaylight.org/view/Security_Advisories
CWEs
CWE-20