OSA-2019-023: Unprotected APIs/UIs exposed in SO project

Date: 2019-05-28

CVE: CVE-2019-12128

Severity: Important

Affects

  • SO: El Alto and earlier

Description

Jakub Botwicz, Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung reported a vulnerability in ONAP SO. By accessing port 30224, an attacker gains full access to the respective ONAP service without any authentication. All ONAP OOM setups are affected.

Patches

Fix required several patches. More details can be found in OJSI-203

Credits

  • Jakub Botwicz from Samsung

  • Wojciech Rauner from Samsung

  • Łukasz Wrochna from Samsung

  • Radosław Żeszczuk from Samsung

References