OSA-2019-021: Unprotected APIs/UIs exposed in DCAE project

Date: 2019-05-28

CVE: CVE-2019-12126

Severity: Important

Affects

DCAE: Dublin and earlier

Description

akub Botwicz, Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung reported a vulnerability in ONAP DCAE. By accessing port 32010, an attacker gains full access to the respective ONAP service without any authentication. All ONAP OOM setups are affected.

Patches

95524

Credits

Jakub Botwicz from Samsung
Wojciech Rauner from Samsung
Łukasz Wrochna from Samsung
Radosław Żeszczuk from Samsung

References

Read the Docs v: kohn

Versions: latest; kohn; jakarta

Downloads: html

On Read the Docs: Project Home; Builds