.. This work is licensed under a Creative Commons Attribution 4.0 International License. .. Copyright 2019 Samsung Electronics :orphan: ========================================================= OSA-2019-024: Unprotected APIs/UIs exposed in MSB project ========================================================= **Date:** 2019-05-28 **CVE:** CVE-2019-12129 **Severity:** Important Affects ------- * MSB: Dublin and earlier Description ----------- Jakub Botwicz, Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung reported a number of vulnerabilities in ONAP MSB. By accessing one of: * 30281 * 30285 ports, an attacker gains full access to the respective ONAP services without any authentication. All ONAP OOM setups are affected. Patches ------- No patch for this vulnerability has been proposed yet. Credits ------- * Jakub Botwicz from Samsung * Wojciech Rauner from Samsung * Łukasz Wrochna from Samsung * Radosław Żeszczuk from Samsung References ---------- * `OJSI-204 `_ * `CVE-2019-12129 `_