Open Network Automation Platform Security Vulnerabilities and Issues — Open Network Automation Platform CVE List

Lucene search

OnapOpen Network Automation Platform

21 matches found

CVE•added 2020/03/19 2:15 p.m.•59 views

CVE-2019-12128

In ONAP SO through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.

10CVSS9.3AI score0.00427EPSS

CVE•added 2020/03/18 7:15 p.m.•52 views

CVE-2019-12118

An issue was discovered in ONAP SDC through Dublin. By accessing port 7001 of demo-sdc-sdc-wfd-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.

9.8CVSS9.6AI score0.01146EPSS

CVE•added 2020/03/18 7:15 p.m.•51 views

CVE-2019-12117

An issue was discovered in ONAP SDC through Dublin. By accessing port 4001 of demo-sdc-sdc-onboarding-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.

9.8CVSS9.6AI score0.01146EPSS

CVE•added 2020/03/18 7:15 p.m.•49 views

CVE-2019-12120

An issue was discovered in ONAP VNFSDK through Dublin. By accessing port 8000 of demo-vnfsdk-vnfsdk, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.

9.8CVSS9.6AI score0.01146EPSS

CVE•added 2020/03/18 7:15 p.m.•49 views

CVE-2019-12123

An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsXml with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected.

8.8CVSS8.5AI score0.00674EPSS

CVE•added 2020/03/18 7:15 p.m.•49 views

CVE-2019-12132

An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected.

9.8CVSS9.4AI score0.01668EPSS

CVE•added 2020/03/18 7:15 p.m.•48 views

CVE-2019-12115

An issue was discovered in ONAP SDC through Dublin. By accessing port 4000 of demo-sdc-sdc-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.

9.8CVSS9.6AI score0.01146EPSS

CVE•added 2020/03/18 7:15 p.m.•46 views

CVE-2019-12113

An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected.

8.8CVSS8.5AI score0.00674EPSS

CVE•added 2020/03/18 7:15 p.m.•46 views

CVE-2019-12124

An issue was discovered in ONAP APPC before Dublin. By using an exposed unprotected Jolokia interface, an unauthenticated attacker can read or overwrite an arbitrary file. All APPC setups are affected.

9.1CVSS9.1AI score0.00565EPSS

CVE•added 2020/03/18 7:15 p.m.•45 views

CVE-2019-12114

An issue was discovered in ONAP HOLMES before Dublin. By accessing port 9202 of dep-holmes-engine-mgmt pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.

9.8CVSS9.6AI score0.01146EPSS

CVE•added 2020/03/18 7:15 p.m.•45 views

CVE-2019-12119

An issue was discovered in ONAP SDC through Dublin. By accessing port 7000 of demo-sdc-sdc-wfd-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.

9.8CVSS9.6AI score0.01146EPSS

CVE•added 2020/03/18 7:15 p.m.•45 views

CVE-2019-12122

An issue was discovered in ONAP Portal through Dublin. By executing a call to ONAPPORTAL/portalApi/loggedinUser, an attacker who possesses a user's cookie may retrieve that user's password from the database. All Portal setups are affected.

6.5CVSS6.4AI score0.00189EPSS

CVE•added 2020/03/19 6:15 p.m.•45 views

CVE-2019-12126

In ONAP DCAE through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.

9.8CVSS9.3AI score0.00336EPSS

CVE•added 2020/03/18 7:15 p.m.•44 views

CVE-2019-12112

An issue was discovered in ONAP SDNC before Dublin. By executing sla/upload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected.

9.8CVSS9.4AI score0.01668EPSS

CVE•added 2020/03/18 7:15 p.m.•43 views

CVE-2019-12121

An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId field, an attacker is able to decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected.

7.5CVSS7.3AI score0.00187EPSS

CVE•added 2020/03/18 7:15 p.m.•42 views

CVE-2019-12116

An issue was discovered in ONAP SDC through Dublin. By accessing port 6000 of demo-sdc-sdc-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.

9.8CVSS9.6AI score0.01146EPSS

CVE•added 2020/03/19 6:15 p.m.•41 views

CVE-2019-12125

In ONAP Logging through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.

9.8CVSS9.3AI score0.00336EPSS

CVE•added 2020/03/18 7:15 p.m.•38 views

CVE-2019-12131

An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USER_ID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected.

9.1CVSS9.1AI score0.00297EPSS

CVE•added 2020/03/19 2:15 p.m.•30 views

CVE-2019-12129

In ONAP MSB through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.

10CVSS9.3AI score0.00427EPSS

CVE•added 2020/03/19 6:15 p.m.•27 views

CVE-2019-12127

In ONAP OOM through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.

9.8CVSS9.3AI score0.00336EPSS

CVE•added 2020/03/19 2:15 p.m.•25 views

CVE-2019-12130

In ONAP CLI through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.

10CVSS9.3AI score0.00427EPSS