VYPR
Vendor

ONAP

Products
10
CVEs
19
Across products
25
Status
Private

Products

10

Recent CVEs

19
  • CVE-2019-12127CriMar 19, 2020
    risk 0.64cvss 9.8epss 0.01

    In ONAP OOM through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.

  • CVE-2019-12126CriMar 19, 2020
    risk 0.64cvss 9.8epss 0.01

    In ONAP DCAE through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.

  • CVE-2019-12125CriMar 19, 2020
    risk 0.64cvss 9.8epss 0.01

    In ONAP Logging through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.

  • CVE-2019-12130CriMar 19, 2020
    risk 0.64cvss 9.8epss 0.02

    In ONAP CLI through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.

  • CVE-2019-12129CriMar 19, 2020
    risk 0.64cvss 9.8epss 0.02

    In ONAP MSB through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.

  • CVE-2019-12128CriMar 19, 2020
    risk 0.64cvss 9.8epss 0.02

    In ONAP SO through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.

  • CVE-2019-12120CriMar 18, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in ONAP VNFSDK through Dublin. By accessing port 8000 of demo-vnfsdk-vnfsdk, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.

  • CVE-2019-12119CriMar 18, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in ONAP SDC through Dublin. By accessing port 7000 of demo-sdc-sdc-wfd-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are…

  • CVE-2019-12118CriMar 18, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in ONAP SDC through Dublin. By accessing port 7001 of demo-sdc-sdc-wfd-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are…

  • CVE-2019-12117CriMar 18, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in ONAP SDC through Dublin. By accessing port 4001 of demo-sdc-sdc-onboarding-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are…

  • CVE-2019-12116CriMar 18, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in ONAP SDC through Dublin. By accessing port 6000 of demo-sdc-sdc-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.

  • CVE-2019-12115CriMar 18, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in ONAP SDC through Dublin. By accessing port 4000 of demo-sdc-sdc-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.

  • CVE-2019-12114CriMar 18, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in ONAP HOLMES before Dublin. By accessing port 9202 of dep-holmes-engine-mgmt pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are…

  • CVE-2019-12112CriMar 18, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in ONAP SDNC before Dublin. By executing sla/upload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected.

  • CVE-2019-12131CriMar 18, 2020
    risk 0.59cvss 9.1epss 0.01

    An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USER_ID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected.

  • CVE-2019-12124CriMar 18, 2020
    risk 0.59cvss 9.1epss 0.01

    An issue was discovered in ONAP APPC before Dublin. By using an exposed unprotected Jolokia interface, an unauthenticated attacker can read or overwrite an arbitrary file. All APPC setups are affected.

  • CVE-2019-12113HigMar 18, 2020
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected.

  • CVE-2019-12121HigMar 18, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId field, an attacker is able to decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected.

  • CVE-2019-12122MedMar 18, 2020
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in ONAP Portal through Dublin. By executing a call to ONAPPORTAL/portalApi/loggedinUser, an attacker who possesses a user's cookie may retrieve that user's password from the database. All Portal setups are affected.