Total
21 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12116 | 1 Onap | 1 Open Network Automation Platform | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ONAP SDC through Dublin. By accessing port 6000 of demo-sdc-sdc-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | |||||
| CVE-2019-12122 | 1 Onap | 1 Open Network Automation Platform | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in ONAP Portal through Dublin. By executing a call to ONAPPORTAL/portalApi/loggedinUser, an attacker who possesses a user's cookie may retrieve that user's password from the database. All Portal setups are affected. | |||||
| CVE-2019-12123 | 1 Onap | 1 Open Network Automation Platform | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsXml with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected. | |||||
| CVE-2019-12113 | 1 Onap | 1 Open Network Automation Platform | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected. | |||||
| CVE-2019-12131 | 1 Onap | 1 Open Network Automation Platform | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USER_ID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected. | |||||
| CVE-2019-12126 | 1 Onap | 1 Open Network Automation Platform | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| In ONAP DCAE through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | |||||
| CVE-2019-12112 | 1 Onap | 1 Open Network Automation Platform | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ONAP SDNC before Dublin. By executing sla/upload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected. | |||||
| CVE-2019-12119 | 1 Onap | 1 Open Network Automation Platform | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ONAP SDC through Dublin. By accessing port 7000 of demo-sdc-sdc-wfd-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | |||||
| CVE-2019-12125 | 1 Onap | 1 Open Network Automation Platform | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| In ONAP Logging through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | |||||
| CVE-2019-12130 | 1 Onap | 1 Open Network Automation Platform | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| In ONAP CLI through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | |||||
| CVE-2019-12117 | 1 Onap | 1 Open Network Automation Platform | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ONAP SDC through Dublin. By accessing port 4001 of demo-sdc-sdc-onboarding-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | |||||
| CVE-2019-12128 | 1 Onap | 1 Open Network Automation Platform | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| In ONAP SO through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | |||||
| CVE-2019-12114 | 1 Onap | 1 Open Network Automation Platform | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ONAP HOLMES before Dublin. By accessing port 9202 of dep-holmes-engine-mgmt pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | |||||
| CVE-2019-12118 | 1 Onap | 1 Open Network Automation Platform | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ONAP SDC through Dublin. By accessing port 7001 of demo-sdc-sdc-wfd-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | |||||
| CVE-2019-12121 | 1 Onap | 1 Open Network Automation Platform | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId field, an attacker is able to decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected. | |||||
| CVE-2019-12120 | 1 Onap | 1 Open Network Automation Platform | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ONAP VNFSDK through Dublin. By accessing port 8000 of demo-vnfsdk-vnfsdk, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | |||||
| CVE-2019-12132 | 1 Onap | 1 Open Network Automation Platform | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected. | |||||
| CVE-2019-12124 | 1 Onap | 1 Open Network Automation Platform | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in ONAP APPC before Dublin. By using an exposed unprotected Jolokia interface, an unauthenticated attacker can read or overwrite an arbitrary file. All APPC setups are affected. | |||||
| CVE-2019-12127 | 1 Onap | 1 Open Network Automation Platform | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| In ONAP OOM through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | |||||
| CVE-2019-12115 | 1 Onap | 1 Open Network Automation Platform | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ONAP SDC through Dublin. By accessing port 4000 of demo-sdc-sdc-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | |||||