OSA-2019-018: SQL Injections in Portal
Portal: El Alto and earlier
Jakub Botwicz and Łukasz Wrochna from Samsung reported a number of vulnerabilities in ONAP Portal. By providing a crafted user input, an attacker gains access to the service database. All ONAP setups are affected.
Issue fixed with major ONAP Portal rework in Frankfurt.
Jakub Botwicz from Samsung
Łukasz Wrochna from Samsung