VYPR

OnApp

by OnApp

CVEs (17)

  • CVE-2019-12127Mar 19, 2020
    OnApp
    OnApp
    risk 0.00cvss epss 0.00

    In ONAP OOM through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.

  • CVE-2019-12126Mar 19, 2020
    OnApp
    OnApp
    risk 0.00cvss epss 0.00

    In ONAP DCAE through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.

  • CVE-2019-12125Mar 19, 2020
    OnApp
    OnApp
    risk 0.00cvss epss 0.00

    In ONAP Logging through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.

  • CVE-2019-12129Mar 19, 2020
    OnApp
    OnApp
    risk 0.00cvss epss 0.00

    In ONAP MSB through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.

  • CVE-2019-12128Mar 19, 2020
    OnApp
    OnApp
    risk 0.00cvss epss 0.00

    In ONAP SO through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.

  • CVE-2019-12131Mar 18, 2020
    appcoins
    APPC
    risk 0.00cvss epss 0.00

    An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USER_ID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected.

  • CVE-2019-12132Mar 18, 2020
    OnApp
    OnApp
    risk 0.00cvss epss 0.02

    An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected.

  • CVE-2019-12123Mar 18, 2020
    OnApp
    OnApp
    risk 0.00cvss epss 0.01

    An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsXml with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected.

  • CVE-2019-12120Mar 18, 2020
    Cloudfoundry
    Operations Manager
    risk 0.00cvss epss 0.01

    An issue was discovered in ONAP VNFSDK through Dublin. By accessing port 8000 of demo-vnfsdk-vnfsdk, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.

  • CVE-2019-12119Mar 18, 2020
    Cloudfoundry
    Operations Manager
    risk 0.00cvss epss 0.01

    An issue was discovered in ONAP SDC through Dublin. By accessing port 7000 of demo-sdc-sdc-wfd-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are…

  • CVE-2019-12118Mar 18, 2020
    Cloudfoundry
    Operations Manager
    risk 0.00cvss epss 0.01

    An issue was discovered in ONAP SDC through Dublin. By accessing port 7001 of demo-sdc-sdc-wfd-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are…

  • CVE-2019-12117Mar 18, 2020
    OnApp
    OnApp
    risk 0.00cvss epss 0.01

    An issue was discovered in ONAP SDC through Dublin. By accessing port 4001 of demo-sdc-sdc-onboarding-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are…

  • CVE-2019-12116Mar 18, 2020
    OnApp
    OnApp
    risk 0.00cvss epss 0.01

    An issue was discovered in ONAP SDC through Dublin. By accessing port 6000 of demo-sdc-sdc-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.

  • CVE-2019-12115Mar 18, 2020
    Cloudfoundry
    Operations Manager
    risk 0.00cvss epss 0.01

    An issue was discovered in ONAP SDC through Dublin. By accessing port 4000 of demo-sdc-sdc-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.

  • CVE-2019-12113Mar 18, 2020
    OnApp
    OnApp
    risk 0.00cvss epss 0.01

    An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected.

  • CVE-2019-12112Mar 18, 2020
    OnApp
    OnApp
    risk 0.00cvss epss 0.02

    An issue was discovered in ONAP SDNC before Dublin. By executing sla/upload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected.

  • CVE-2019-12491Jun 19, 2019
    OnApp
    OnApp
    risk 0.00cvss epss 0.00

    OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacker to run arbitrary commands with root privileges on servers managed by OnApp for XEN/KVM hypervisors. To exploit the vulnerability an attacker has to have control of a single server on a given cloud (e.g. by renting…