Onap Open Network Automation Platform vulnerabilities
21 known vulnerabilities affecting onap/open_network_automation_platform.
Total CVEs
21
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL17HIGH3MEDIUM1
Vulnerabilities
Page 1 of 2
CVE-2019-12128P2CRITICALCVSS 9.8≥ 3.0.0, ≤ 4.0.02020-03-19
CVE-2019-12128 [CRITICAL] CWE-306 CVE-2019-12128: In ONAP SO through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281
In ONAP SO through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.
nvd
CVE-2019-12129P2CRITICALCVSS 9.8≥ 3.0.0, ≤ 4.0.02020-03-19
CVE-2019-12129 [CRITICAL] CWE-306 CVE-2019-12129: In ONAP MSB through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 3028
In ONAP MSB through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.
nvd
CVE-2019-12130P2CRITICALCVSS 9.8≥ 3.0.0, ≤ 4.0.02020-03-19
CVE-2019-12130 [CRITICAL] CWE-306 CVE-2019-12130: In ONAP CLI through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 3028
In ONAP CLI through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.
nvd
CVE-2019-12127P2CRITICALCVSS 9.8≥ 3.0.0, < 4.0.02020-03-19
CVE-2019-12127 [CRITICAL] CWE-306 CVE-2019-12127: In ONAP OOM through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 3028
In ONAP OOM through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.
nvd
CVE-2019-12126P2CRITICALCVSS 9.8≥ 3.0.0, < 4.0.02020-03-19
CVE-2019-12126 [CRITICAL] CWE-306 CVE-2019-12126: In ONAP DCAE through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 302
In ONAP DCAE through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.
nvd
CVE-2019-12125P2CRITICALCVSS 9.8≥ 3.0.0, < 4.0.02020-03-19
CVE-2019-12125 [CRITICAL] CWE-306 CVE-2019-12125: In ONAP Logging through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224,
In ONAP Logging through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.
nvd
CVE-2019-12115P2CRITICALCVSS 9.8≥ 3.0.0, < 4.0.02020-03-18
CVE-2019-12115 [CRITICAL] CWE-306 CVE-2019-12115: An issue was discovered in ONAP SDC through Dublin. By accessing port 4000 of demo-sdc-sdc-be pod, a
An issue was discovered in ONAP SDC through Dublin. By accessing port 4000 of demo-sdc-sdc-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.
nvd
CVE-2019-12119P2CRITICALCVSS 9.8≥ 3.0.0, < 4.0.02020-03-18
CVE-2019-12119 [CRITICAL] CWE-306 CVE-2019-12119: An issue was discovered in ONAP SDC through Dublin. By accessing port 7000 of demo-sdc-sdc-wfd-fe po
An issue was discovered in ONAP SDC through Dublin. By accessing port 7000 of demo-sdc-sdc-wfd-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.
nvd
CVE-2019-12120P2CRITICALCVSS 9.8≥ 3.0.0, < 4.0.02020-03-18
CVE-2019-12120 [CRITICAL] CWE-306 CVE-2019-12120: An issue was discovered in ONAP VNFSDK through Dublin. By accessing port 8000 of demo-vnfsdk-vnfsdk,
An issue was discovered in ONAP VNFSDK through Dublin. By accessing port 8000 of demo-vnfsdk-vnfsdk, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.
nvd
CVE-2019-12116P2CRITICALCVSS 9.8≥ 3.0.0, < 4.0.02020-03-18
CVE-2019-12116 [CRITICAL] CWE-306 CVE-2019-12116: An issue was discovered in ONAP SDC through Dublin. By accessing port 6000 of demo-sdc-sdc-fe pod, a
An issue was discovered in ONAP SDC through Dublin. By accessing port 6000 of demo-sdc-sdc-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.
nvd
CVE-2019-12114P2CRITICALCVSS 9.8fixed in 4.0.02020-03-18
CVE-2019-12114 [CRITICAL] CWE-306 CVE-2019-12114: An issue was discovered in ONAP HOLMES before Dublin. By accessing port 9202 of dep-holmes-engine-mg
An issue was discovered in ONAP HOLMES before Dublin. By accessing port 9202 of dep-holmes-engine-mgmt pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.
nvd
CVE-2019-12117P2CRITICALCVSS 9.8≥ 3.0.0, < 4.0.02020-03-18
CVE-2019-12117 [CRITICAL] CWE-306 CVE-2019-12117: An issue was discovered in ONAP SDC through Dublin. By accessing port 4001 of demo-sdc-sdc-onboardin
An issue was discovered in ONAP SDC through Dublin. By accessing port 4001 of demo-sdc-sdc-onboarding-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.
nvd
CVE-2019-12118P2CRITICALCVSS 9.8≥ 3.0.0, < 4.0.02020-03-18
CVE-2019-12118 [CRITICAL] CWE-306 CVE-2019-12118: An issue was discovered in ONAP SDC through Dublin. By accessing port 7001 of demo-sdc-sdc-wfd-be po
An issue was discovered in ONAP SDC through Dublin. By accessing port 7001 of demo-sdc-sdc-wfd-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.
nvd
CVE-2019-12132P2CRITICALCVSS 9.8≥ 3.0.0, < 4.0.02020-03-18
CVE-2019-12132 [CRITICAL] CWE-78 CVE-2019-12132: An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filenam
An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected.
nvd
CVE-2019-12112P3CRITICALCVSS 9.8≥ 3.0.0, < 4.0.02020-03-18
CVE-2019-12112 [CRITICAL] CWE-78 CVE-2019-12112: An issue was discovered in ONAP SDNC before Dublin. By executing sla/upload with a crafted filename
An issue was discovered in ONAP SDNC before Dublin. By executing sla/upload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected.
nvd
CVE-2019-12131P3CRITICALCVSS 9.1≥ 3.0.0, < 4.0.02020-03-18
CVE-2019-12131 [CRITICAL] CWE-290 CVE-2019-12131: An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USER_ID param
An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USER_ID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected.
nvd
CVE-2019-12124P3CRITICALCVSS 9.1≥ 3.0.0, < 4.0.02020-03-18
CVE-2019-12124 [CRITICAL] CVE-2019-12124: An issue was discovered in ONAP APPC before Dublin. By using an exposed unprotected Jolokia interfac
An issue was discovered in ONAP APPC before Dublin. By using an exposed unprotected Jolokia interface, an unauthenticated attacker can read or overwrite an arbitrary file. All APPC setups are affected.
nvd
CVE-2019-12113P3HIGHCVSS 8.8fixed in 4.0.02020-03-18
CVE-2019-12113 [HIGH] CWE-78 CVE-2019-12113: An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module
An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected.
nvd
CVE-2019-12123P3HIGHCVSS 8.8≥ 3.0.0, < 4.0.02020-03-18
CVE-2019-12123 [HIGH] CWE-78 CVE-2019-12123: An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsXml with a crafted modul
An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsXml with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected.
nvd
CVE-2019-12121P3HIGHCVSS 7.5≥ 3.0.0, < 4.0.02020-03-18
CVE-2019-12121 [HIGH] CWE-326 CVE-2019-12121: An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the
An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId field, an attacker is able to decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected.
nvd
1 / 2Next →