OSA-2019-021: Unprotected APIs/UIs exposed in DCAE project
Date: 2019-05-28
CVE: CVE-2019-12126
Severity: Important
Affects
DCAE: Dublin and earlier
Description
akub Botwicz, Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung reported a vulnerability in ONAP DCAE. By accessing port 32010, an attacker gains full access to the respective ONAP service without any authentication. All ONAP OOM setups are affected.
Patches
Credits
Jakub Botwicz from Samsung
Wojciech Rauner from Samsung
Łukasz Wrochna from Samsung
Radosław Żeszczuk from Samsung