.. This work is licensed under a Creative Commons Attribution 4.0 International License. .. Copyright 2019 Samsung Electronics :orphan: ========================================================= OSA-2019-022: Unprotected APIs/UIs exposed in OOM project ========================================================= **Date:** 2019-05-28 **CVE:** CVE-2019-12127 **Severity:** Important Affects ------- * OOM: El Alto and earlier Description ----------- Jakub Botwicz, Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung reported a vulnerability in ONAP OOM. By accessing port 30270, an attacker gains full access to the respective ONAP service without any authentication. All ONAP OOM setups are affected. Patches ------- * `102737 `_ Credits ------- * Jakub Botwicz from Samsung * Wojciech Rauner from Samsung * Łukasz Wrochna from Samsung * Radosław Żeszczuk from Samsung References ---------- * `OJSI-202 `_ * `CVE-2019-12127 `_