OSA-2019-025: Unprotected APIs/UIs exposed in CLI project

Date: 2019-05-28

CVE: CVE-2019-12130

Severity: Important


  • CLI: Dublin and earlier


Jakub Botwicz, Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung reported a vulnerability in ONAP CLI. By accessing port 30271, an attacker gains full access to the respective ONAP service without any authentication. All ONAP OOM setups are affected.


No patch for this vulnerability has been proposed yet.


  • Jakub Botwicz from Samsung
  • Wojciech Rauner from Samsung
  • Łukasz Wrochna from Samsung
  • Radosław Żeszczuk from Samsung