ONAP Logging Access Control Error Vulnerability

ONAP Logging is a logger in the ONAP network management system from the ONAP project. An access control error vulnerability exists in ONAP Logging Dublin and previous versions. An attacker can exploit this vulnerability to gain full privileges to the ONAP service without authentication via ports...

ONAP SO Authorization Issue Vulnerability

ONAP SO is a service orchestration program for ONAP from the ONAP project. An authorization issue vulnerability exists in ONAP SO Dublin and prior versions. An attacker can use ports 30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271 to gain full privileges to the ONAP service...

ONAP OOM Access Control Error Vulnerability

The ONAP OOM is the manager for deploying, managing, and operating the ONAP platform and its components and infrastructure within the ONAP Project's suite of ONAP network management systems. An access control error vulnerability exists in ONAP OOM Dublin and prior versions. An attacker can exploi...

ONAP MSB Authorization Issues Vulnerability

ONAP MSB is a program from the ONAP project that can provide service registration, discovery and communication service functions for microservices. An authorization issue vulnerability exists in ONAP MSB Dublin and prior versions. An attacker can exploit this vulnerability to gain full privileges...

ONAP DCAE Access Control Error Vulnerability

The ONAP DCAE is a data collection, analysis, and event subsystem within the ONAP Project's suite of ONAP network management platforms. An Access Control Error vulnerability exists in ONAP DCAE Dublin and prior versions that stems from an access control error in the program. An attacker could...

CVE-2019-12125

In ONAP Logging through Dublin, by accessing an applicable port 30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271, an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager OOM setups are affected...

CVE-2019-12129

In ONAP MSB through Dublin, by accessing an applicable port 30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271, an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager OOM setups are affected...

ONAP SDNC Operating System Command Injection Vulnerability (CNVD-2020-28056)

The ONAP SDNC is a network-defined network controller from the ONAP program. ONAP SDNC suffers from an operating system command injection vulnerability. An attacker can exploit this vulnerability to execute arbitrary commands with the help of a specially crafted 'filename' parameter...

ONAP Service Design and Creation Code Injection Vulnerability (CNVD-2020-24672)

ONAP Service Design and Creation SDC is a set of visual modeling and design tools for the ONAP project. A code injection vulnerability exists in ONAP SDC Dublin and prior versions that stems from faulty access control. A remote attacker can exploit this vulnerability by accessing port 4001 of the...

ONAP Service Design and Creation Code Injection Vulnerability (CNVD-2020-24671)

ONAP Service Design and Creation SDC is a set of visual modeling and design tools for the ONAP project. A code injection vulnerability exists in ONAP SDC Dublin and prior versions, which stems from faulty access control. A remote attacker can exploit this vulnerability by accessing port 6000 of t...

CVE-2019-12131

An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USERID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected...