.. This work is licensed under a Creative Commons Attribution 4.0 International License. .. Copyright 2019 Samsung Electronics :orphan: ====================================== OSA-2019-018: SQL Injections in Portal ====================================== **Date:** 2019-05-28 **CVE:** CVE-2019-12318 **Severity:** Important Affects ------- * Portal: El Alto and earlier Description ----------- Jakub Botwicz and Łukasz Wrochna from Samsung reported a number of vulnerabilities in ONAP Portal. By providing a crafted user input, an attacker gains access to the service database. All ONAP setups are affected. Patches ------- Issue fixed with major ONAP Portal rework in Frankfurt. Credits ------- * Jakub Botwicz from Samsung * Łukasz Wrochna from Samsung References ---------- * `OJSI-174 `_ * `CVE-2019-12318 `_