Lucene search
K
OnapOpen Network Automation Platform

21 matches found

CVE
CVE
added 2020/03/19 1:42 p.m.73 views

CVE-2019-12128

CVE-2019-12128 affects ONAP SO (Dublin and prior) with an authorization flaw: by contacting any of ports 30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, or 30271, an attacker gains full access to the corresponding ONAP services without authentication. Documents consistently describe this ...

10CVSS9.3AI score0.01655EPSS
CVE
CVE
added 2020/03/18 5:19 p.m.69 views

CVE-2019-12123

CVE-2019-12123 affects ONAP SDNC prior to Dublin. An authenticated user can trigger arbitrary command execution by calling sla/printAsXml with a crafted module parameter, impacting all SDC deployments that include admportal. The connected Red Hat and CNVD entries confirm the same issue, but the d...

8.8CVSS8.5AI score0.01256EPSS
Web
CVE
CVE
added 2020/03/18 5:7 p.m.66 views

CVE-2019-12117

CVE-2019-12117 affects ONAP SDC (Dublin) specifically via the demo-sdc-sdc-onboarding-be pod: by accessing port 4001, an unauthenticated attacker with pod-to-pod access can execute arbitrary code inside the pod. The impact is described as remote code execution affecting all ONAP Operations Manage...

9.8CVSS9.6AI score0.02065EPSS
CVE
CVE
added 2020/03/18 5:8 p.m.65 views

CVE-2019-12118

The CVE-2019-12118 entry describes an unauthenticated remote code execution in ONAP SDC (Dublin) reachable via port 7001 on the demo-sdc-sdc-wfd-be pod, affecting all ONAP Operations Manager (OOM) deployments. The issue requires pod-to-pod access and allows code execution inside the targeted pod....

9.8CVSS9.6AI score0.02065EPSS
CVE
CVE
added 2020/03/18 5:16 p.m.65 views

CVE-2019-12120

CVE-2019-12120 affects ONAP VNFSDK (Dublin) where an unauthenticated attacker with pod-to-pod access can reach port 8000 and execute arbitrary code inside the vulnerable pod. Multiple sources (including Red Hat, NVD/NVD-variant, and CVE listings) describe the same impact: remote code execution wi...

9.8CVSS9.6AI score0.02065EPSS
CVE
CVE
added 2020/03/18 5:25 p.m.64 views

CVE-2019-12132

ONAP SDNC (pre-Dublin) is affected by an OS command injection via a crafted filename parameter in sla/dgUpload, enabling unauthenticated arbitrary command execution. All SDNC deployments that include admportal are impacted. Root cause: input in the filename is unsafely handled, leading to command...

9.8CVSS9.4AI score0.01464EPSS
Web
CVE
CVE
added 2020/03/18 5:5 p.m.62 views

CVE-2019-12115

The CVE-2019-12115 issue affects ONAP SDC (Dublin) via port 4000 on the demo-sdc-sdc-be pod, where an unauthenticated attacker with pod-to-pod access can execute arbitrary code inside the targeted pod. Connected CVE sources (Red Hat, CNVD, NVD, etc.) describe the same vulnerability: code executio...

9.8CVSS9.6AI score0.02065EPSS
CVE
CVE
added 2020/03/18 5:1 p.m.61 views

CVE-2019-12112

CVE-2019-12112 affects ONAP SDNC (pre-Dublin). The issue arises when an unauthenticated user uses sla/upload with a crafted filename parameter, allowing arbitrary command execution. All SDC setups that include admportal are affected. The provided documents do not specify the exact vulnerable vers...

9.8CVSS9.4AI score0.01464EPSS
Web
CVE
CVE
added 2020/03/19 5:30 p.m.60 views

CVE-2019-12126

CVE-2019-12126 affects ONAP DCAE (Dublin) with an unauthenticated access flaw exposed via ports 30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and 30271, granting full access to ONAP services. Root cause described as an access control error allowing bypass across all ONAP Operations Mana...

9.8CVSS9.3AI score0.01242EPSS
CVE
CVE
added 2020/03/18 5:3 p.m.59 views

CVE-2019-12113

ONAP SDNC (pre-Dublin) is affected by a command-injection vulnerability in sla/printAsGv triggered by a crafted module parameter. An authenticated user can execute arbitrary commands, impacting all SDC deployments that include admportal. The CVE-2019-12113 issue is documented with a high-severity...

8.8CVSS8.5AI score0.01256EPSS
Web
CVE
CVE
added 2020/03/18 5:8 p.m.59 views

CVE-2019-12119

Affected software: ONAP SDC (Dublin) components; vulnerable component is the demo-sdc-sdc-wfd-fe pod. Root cause / condition: An unauthenticated attacker who already has pod-to-pod access can access port 7000 and execute arbitrary code inside that pod. Impact: All ONAP Operations Manager (OOM) de...

9.8CVSS9.6AI score0.02065EPSS
CVE
CVE
added 2020/03/18 5:4 p.m.58 views

CVE-2019-12114

CVE-2019-12114 affects ONAP HOLMES prior to Dublin. An unauthenticated attacker with pod-to-pod access can connect to port 9202 on the dep-holmes-engine-mgmt pod and execute arbitrary code inside that pod, impacting all ONAP Operations Manager (OOM) deployments. The available documents confirm th...

9.8CVSS9.6AI score0.02065EPSS
CVE
CVE
added 2020/03/18 5:18 p.m.58 views

CVE-2019-12122

CVE-2019-12122 affects ONAP Portal (Dublin) where calling the endpoint ONAPPORTAL/portalApi/loggedinUser can allow an attacker who has a user’s cookie to retrieve that user’s password from the database. The Red Hat and NVD entries confirm the same issue across all Portal setups. The provided docu...

6.5CVSS6.4AI score0.00576EPSS
Web
CVE
CVE
added 2020/03/18 5:20 p.m.57 views

CVE-2019-12124

ONAP APPC (pre-Dublin) is affected by CVE-2019-12124. An exposed unprotected Jolokia interface allows an unauthenticated attacker to read or overwrite an arbitrary file, affecting all APPC deployments. The connected sources confirm the root cause as an exposed Jolokia interface without authentica...

9.1CVSS9.1AI score0.01163EPSS
CVE
CVE
added 2020/03/18 5:18 p.m.56 views

CVE-2019-12121

The CVE-2019-12121 entry concerns ONAP Portal (Dublin) and describes a padding oracle weakness in the ONAPPORTAL/processSingleSignOn UserId field. Attackers could decrypt information encrypted with the same symmetric key as UserId, affecting all Portal deployments. The connected Red Hat and other...

7.5CVSS7.3AI score0.00725EPSS
CVE
CVE
added 2020/03/19 5:30 p.m.55 views

CVE-2019-12125

The CVE-2019-12125 issue affects ONAP Logging (Dublin) within ONAP, where an authentication bypass on multiple ports (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, 30271) lets an attacker gain full, unauthenticated access to the affected ONAP services. The root cause is an access contro...

9.8CVSS9.3AI score0.01242EPSS
CVE
CVE
added 2020/03/18 5:6 p.m.54 views

CVE-2019-12116

CVE-2019-12116 affects ONAP SDC (Dublin) and all ONAP Operations Manager (OOM) setups. Affected component is the demo-sdc-sdc-fe pod, where an unauthenticated attacker who already has pod-to-pod access can access port 6000 and potentially execute arbitrary code inside the pod. The description con...

9.8CVSS9.6AI score0.02065EPSS
CVE
CVE
added 2020/03/18 5:26 p.m.52 views

CVE-2019-12131

CVE-2019-12131 affects ONAP APPC (Dublin) and SDC (Dublin). The issue arises from sending a USER_ID in an HTTP header, enabling an attacker to impersonate an arbitrary existing user without authentication. All APPC and SDC deployments are affected. The available documents describe the affected pr...

9.1CVSS9.1AI score0.01184EPSS
CVE
CVE
added 2020/03/19 5:30 p.m.42 views

CVE-2019-12127

CVE-2019-12127 affects ONAP Operations Manager (OOM) in Dublin and earlier, where an unauthenticated attacker can gain full access to ONAP services by hitting any of ports 30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, or 30271. All OOM setups are affected. The Red Hat CNVD/NVD entries c...

9.8CVSS9.3AI score0.01242EPSS
CVE
CVE
added 2020/03/19 1:43 p.m.41 views

CVE-2019-12129

CVE-2019-12129 affects ONAP MSB (Dublin and earlier) with an authentication bypass that enables unauthenticated access to multiple ONAP services via specific ports (e.g., 30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, 30271). The description across sources consistently states that this g...

10CVSS9.3AI score0.01655EPSS
CVE
CVE
added 2020/03/19 1:44 p.m.40 views

CVE-2019-12130

CVE-2019-12130 describes an unauthenticated access flaw in ONAP CLI (Dublin) where, by targeting specific ports (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, 30271), an attacker can gain full access to the respective ONAP services. The vulnerability affects all ONAP Operations Manager ...

10CVSS9.3AI score0.01655EPSS