Insecure Input Validation in Floodlight 1.2's StaticFlowEntryPusherResource.java

Insecure Input Validation in Floodlight 1.2's StaticFlowEntryPusherResource.java

CVE-2020-18685 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP or UDP ports, or group or table IDs.

Learn more about our Web Application Penetration Testing UK.