OSA-2019-010: SDC exposes JDWP outside of pod which allows for arbitrary code execution

Date: 2019-05-28

CVE: CVE-2019-12115

Severity: Critical

Affects

SDC: Dublin and earlier

Description

Radosław Żeszczuk from Samsung reported vulnerability in SDC. By accessing port 4000 of demo-sdc-sdc-be pod an unauthenticated attacker who already has access to pod to pod communication may execute arbitrary code inside this pod. All OOM ONAP setups which includes SDC are affected.

Patches

94802

Credits

Radosław Żeszczuk from Samsung

References

Read the Docs v: kohn

Versions: latest; kohn; jakarta

Downloads: html

On Read the Docs: Project Home; Builds