21 matches found
CVE-2019-12128
CVE-2019-12128 affects ONAP SO (Dublin and prior) with an authorization flaw: by contacting any of ports 30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, or 30271, an attacker gains full access to the corresponding ONAP services without authentication. Documents consistently describe this ...
CVE-2019-12123
CVE-2019-12123 affects ONAP SDNC prior to Dublin. An authenticated user can trigger arbitrary command execution by calling sla/printAsXml with a crafted module parameter, impacting all SDC deployments that include admportal. The connected Red Hat and CNVD entries confirm the same issue, but the d...
CVE-2019-12117
CVE-2019-12117 affects ONAP SDC (Dublin) specifically via the demo-sdc-sdc-onboarding-be pod: by accessing port 4001, an unauthenticated attacker with pod-to-pod access can execute arbitrary code inside the pod. The impact is described as remote code execution affecting all ONAP Operations Manage...
CVE-2019-12118
The CVE-2019-12118 entry describes an unauthenticated remote code execution in ONAP SDC (Dublin) reachable via port 7001 on the demo-sdc-sdc-wfd-be pod, affecting all ONAP Operations Manager (OOM) deployments. The issue requires pod-to-pod access and allows code execution inside the targeted pod....
CVE-2019-12120
CVE-2019-12120 affects ONAP VNFSDK (Dublin) where an unauthenticated attacker with pod-to-pod access can reach port 8000 and execute arbitrary code inside the vulnerable pod. Multiple sources (including Red Hat, NVD/NVD-variant, and CVE listings) describe the same impact: remote code execution wi...
CVE-2019-12132
ONAP SDNC (pre-Dublin) is affected by an OS command injection via a crafted filename parameter in sla/dgUpload, enabling unauthenticated arbitrary command execution. All SDNC deployments that include admportal are impacted. Root cause: input in the filename is unsafely handled, leading to command...
CVE-2019-12115
The CVE-2019-12115 issue affects ONAP SDC (Dublin) via port 4000 on the demo-sdc-sdc-be pod, where an unauthenticated attacker with pod-to-pod access can execute arbitrary code inside the targeted pod. Connected CVE sources (Red Hat, CNVD, NVD, etc.) describe the same vulnerability: code executio...
CVE-2019-12112
CVE-2019-12112 affects ONAP SDNC (pre-Dublin). The issue arises when an unauthenticated user uses sla/upload with a crafted filename parameter, allowing arbitrary command execution. All SDC setups that include admportal are affected. The provided documents do not specify the exact vulnerable vers...
CVE-2019-12126
CVE-2019-12126 affects ONAP DCAE (Dublin) with an unauthenticated access flaw exposed via ports 30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and 30271, granting full access to ONAP services. Root cause described as an access control error allowing bypass across all ONAP Operations Mana...
CVE-2019-12113
ONAP SDNC (pre-Dublin) is affected by a command-injection vulnerability in sla/printAsGv triggered by a crafted module parameter. An authenticated user can execute arbitrary commands, impacting all SDC deployments that include admportal. The CVE-2019-12113 issue is documented with a high-severity...
CVE-2019-12119
Affected software: ONAP SDC (Dublin) components; vulnerable component is the demo-sdc-sdc-wfd-fe pod. Root cause / condition: An unauthenticated attacker who already has pod-to-pod access can access port 7000 and execute arbitrary code inside that pod. Impact: All ONAP Operations Manager (OOM) de...
CVE-2019-12114
CVE-2019-12114 affects ONAP HOLMES prior to Dublin. An unauthenticated attacker with pod-to-pod access can connect to port 9202 on the dep-holmes-engine-mgmt pod and execute arbitrary code inside that pod, impacting all ONAP Operations Manager (OOM) deployments. The available documents confirm th...
CVE-2019-12122
CVE-2019-12122 affects ONAP Portal (Dublin) where calling the endpoint ONAPPORTAL/portalApi/loggedinUser can allow an attacker who has a user’s cookie to retrieve that user’s password from the database. The Red Hat and NVD entries confirm the same issue across all Portal setups. The provided docu...
CVE-2019-12124
ONAP APPC (pre-Dublin) is affected by CVE-2019-12124. An exposed unprotected Jolokia interface allows an unauthenticated attacker to read or overwrite an arbitrary file, affecting all APPC deployments. The connected sources confirm the root cause as an exposed Jolokia interface without authentica...
CVE-2019-12121
The CVE-2019-12121 entry concerns ONAP Portal (Dublin) and describes a padding oracle weakness in the ONAPPORTAL/processSingleSignOn UserId field. Attackers could decrypt information encrypted with the same symmetric key as UserId, affecting all Portal deployments. The connected Red Hat and other...
CVE-2019-12125
The CVE-2019-12125 issue affects ONAP Logging (Dublin) within ONAP, where an authentication bypass on multiple ports (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, 30271) lets an attacker gain full, unauthenticated access to the affected ONAP services. The root cause is an access contro...
CVE-2019-12116
CVE-2019-12116 affects ONAP SDC (Dublin) and all ONAP Operations Manager (OOM) setups. Affected component is the demo-sdc-sdc-fe pod, where an unauthenticated attacker who already has pod-to-pod access can access port 6000 and potentially execute arbitrary code inside the pod. The description con...
CVE-2019-12131
CVE-2019-12131 affects ONAP APPC (Dublin) and SDC (Dublin). The issue arises from sending a USER_ID in an HTTP header, enabling an attacker to impersonate an arbitrary existing user without authentication. All APPC and SDC deployments are affected. The available documents describe the affected pr...
CVE-2019-12127
CVE-2019-12127 affects ONAP Operations Manager (OOM) in Dublin and earlier, where an unauthenticated attacker can gain full access to ONAP services by hitting any of ports 30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, or 30271. All OOM setups are affected. The Red Hat CNVD/NVD entries c...
CVE-2019-12129
CVE-2019-12129 affects ONAP MSB (Dublin and earlier) with an authentication bypass that enables unauthenticated access to multiple ONAP services via specific ports (e.g., 30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, 30271). The description across sources consistently states that this g...
CVE-2019-12130
CVE-2019-12130 describes an unauthenticated access flaw in ONAP CLI (Dublin) where, by targeting specific ports (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, 30271), an attacker can gain full access to the respective ONAP services. The vulnerability affects all ONAP Operations Manager ...