OSA-2019-022: Unprotected APIs/UIs exposed in OOM project

Date: 2019-05-28

CVE: CVE-2019-12127

Severity: Important

Affects

• OOM: El Alto and earlier

Description

Jakub Botwicz, Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung reported a vulnerability in ONAP OOM. By accessing port 30270, an attacker gains full access to the respective ONAP service without any authentication. All ONAP OOM setups are affected.

Patches

• 102737

Credits

• Jakub Botwicz from Samsung

• Wojciech Rauner from Samsung

• Łukasz Wrochna from Samsung

• Radosław Żeszczuk from Samsung

References

• OJSI-202

• CVE-2019-12127