OSA-2019-022: Unprotected APIs/UIs exposed in OOM project

Date: 2019-05-28

CVE: CVE-2019-12127

Severity: Important

Affects

  • OOM: El Alto and earlier

Description

Jakub Botwicz, Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung reported a vulnerability in ONAP OOM. By accessing port 30270, an attacker gains full access to the respective ONAP service without any authentication. All ONAP OOM setups are affected.

Patches

Credits

  • Jakub Botwicz from Samsung

  • Wojciech Rauner from Samsung

  • Łukasz Wrochna from Samsung

  • Radosław Żeszczuk from Samsung

References