12 matches found
CVE-2019-12121
An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId field, an attacker is able to decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected...
CVE-2019-12122
An issue was discovered in ONAP Portal through Dublin. By executing a call to ONAPPORTAL/portalApi/loggedinUser, an attacker who possesses a user's cookie may retrieve that user's password from the database. All Portal setups are affected...
EUVD-2019-3772
Malware in sbrugna...
EUVD-2019-3773
Malware in sbrugna...
Unspecified vulnerability in ONAP Portal (CNVD-2020-28481)
ONAP Portal is a visual design tool for parsing applications from the ONAP project. An unspecified vulnerability exists in ONAP Portal. An attacker could exploit the vulnerability to decrypt information...
Unspecified Vulnerability in ONAP Portal
ONAP Portal is a visual design tool for parsing applications from the ONAP project. An unspecified vulnerability exists in ONAP Portal that stems from incorrect access control. An attacker can exploit the vulnerability by calling ONAPPORTAL/portalApi/loggedinUser to obtain sensitive information...
CVE-2019-12122
An issue was discovered in ONAP Portal through Dublin. By executing a call to ONAPPORTAL/portalApi/loggedinUser, an attacker who possesses a user's cookie may retrieve that user's password from the database. All Portal setups are affected...
CVE-2019-12121
An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId field, an attacker is able to decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected...
Default credentials
An issue was discovered in ONAP Portal through Dublin. By executing a call to ONAPPORTAL/portalApi/loggedinUser, an attacker who possesses a user's cookie may retrieve that user's password from the database. All Portal setups are affected...
CVE-2019-12122
CVE-2019-12122 affects ONAP Portal (Dublin) where calling the endpoint ONAPPORTAL/portalApi/loggedinUser can allow an attacker who has a user’s cookie to retrieve that user’s password from the database. The Red Hat and NVD entries confirm the same issue across all Portal setups. The provided docu...
CVE-2019-12121
An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId field, an attacker is able to decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected...
CVE-2019-12121
The CVE-2019-12121 entry concerns ONAP Portal (Dublin) and describes a padding oracle weakness in the ONAPPORTAL/processSingleSignOn UserId field. Attackers could decrypt information encrypted with the same symmetric key as UserId, affecting all Portal deployments. The connected Red Hat and other...