VYPR

APPC

by ONAP

CVEs (2)

  • CVE-2019-12131CriMar 18, 2020
    risk 0.59cvss 9.1epss 0.01

    An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USER_ID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected.

  • CVE-2019-12124CriMar 18, 2020
    risk 0.59cvss 9.1epss 0.01

    An issue was discovered in ONAP APPC before Dublin. By using an exposed unprotected Jolokia interface, an unauthenticated attacker can read or overwrite an arbitrary file. All APPC setups are affected.