OSA-2019-023: Unprotected APIs/UIs exposed in SO project
SO: El Alto and earlier
Jakub Botwicz, Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung reported a vulnerability in ONAP SO. By accessing port 30224, an attacker gains full access to the respective ONAP service without any authentication. All ONAP OOM setups are affected.
Fix required several patches. More details can be found in OJSI-203
Jakub Botwicz from Samsung
Wojciech Rauner from Samsung
Łukasz Wrochna from Samsung
Radosław Żeszczuk from Samsung