OSA-2019-003: SQL Injections in SDNC
Date: 2019-05-28
CVE: CVE-2019-12319
Severity: Important
Affects
SDNC: before Dublin
Description
Jakub Botwicz, Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung reported a number of vulnerabilities in ONAP SDNC. By providing crafted user input, an attacker (including an unauthenticated one) gains access to the service database. All ONAP setups are affected.
Patches
Warning
The above patch should be considered only a temporary workaround, as it only prevents admportal from starting instead of fixing the issues.
Credits
Jakub Botwicz from Samsung
Wojciech Rauner from Samsung
Łukasz Wrochna from Samsung
Radosław Żeszczuk from Samsung