Onap

Open Network Automation Platform

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2019-12127

  • EPSS 0.34%
  • Veröffentlicht 19.03.2020 18:15:13
  • Zuletzt bearbeitet 21.11.2024 04:22:15

In ONAP OOM through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager ...

9.8

CVE-2019-12126

  • EPSS 0.34%
  • Veröffentlicht 19.03.2020 18:15:13
  • Zuletzt bearbeitet 21.11.2024 04:22:15

In ONAP DCAE through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager...

9.8

CVE-2019-12125

  • EPSS 0.34%
  • Veröffentlicht 19.03.2020 18:15:13
  • Zuletzt bearbeitet 21.11.2024 04:22:15

In ONAP Logging through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Mana...

10

CVE-2019-12130

  • EPSS 0.43%
  • Veröffentlicht 19.03.2020 14:15:11
  • Zuletzt bearbeitet 21.11.2024 04:22:16

In ONAP CLI through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager ...

10

CVE-2019-12129

  • EPSS 0.43%
  • Veröffentlicht 19.03.2020 14:15:11
  • Zuletzt bearbeitet 21.11.2024 04:22:16

In ONAP MSB through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager ...

10

CVE-2019-12128

  • EPSS 0.43%
  • Veröffentlicht 19.03.2020 14:15:11
  • Zuletzt bearbeitet 21.11.2024 04:22:15

In ONAP SO through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (...

9.8

CVE-2019-12132

Exploit
  • EPSS 1.67%
  • Veröffentlicht 18.03.2020 19:15:15
  • Zuletzt bearbeitet 21.11.2024 04:22:16

An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected.

6.5

CVE-2019-12122

Exploit
  • EPSS 0.19%
  • Veröffentlicht 18.03.2020 19:15:14
  • Zuletzt bearbeitet 21.11.2024 04:22:15

An issue was discovered in ONAP Portal through Dublin. By executing a call to ONAPPORTAL/portalApi/loggedinUser, an attacker who possesses a user's cookie may retrieve that user's password from the database. All Portal setups are affected.

9.1

CVE-2019-12131

Exploit
  • EPSS 0.3%
  • Veröffentlicht 18.03.2020 19:15:14
  • Zuletzt bearbeitet 21.11.2024 04:22:16

An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USER_ID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected.

9.1

CVE-2019-12124

Exploit
  • EPSS 0.57%
  • Veröffentlicht 18.03.2020 19:15:14
  • Zuletzt bearbeitet 21.11.2024 04:22:15

An issue was discovered in ONAP APPC before Dublin. By using an exposed unprotected Jolokia interface, an unauthenticated attacker can read or overwrite an arbitrary file. All APPC setups are affected.