OSA-2019-011: SDC exposes JDWP outside of pod which allows for arbitrary code execution
Date: 2019-05-28
CVE: CVE-2019-12116
Severity: Critical
Affects
SDC: Dublin and earlier
Description
Radosław Żeszczuk from Samsung reported vulnerability in SDC. By accessing port 6000 of demo-sdc-sdc-fe pod an unauthenticated attacker who already has access to pod to pod communication may execute arbitrary code inside this pod. All OOM ONAP setups which includes SDC are affected.
Patches
Credits
Radosław Żeszczuk from Samsung