This page aggregates publicly disclosed CVE and security risk information related to onap, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2019-12127 | In ONAP OOM through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | [email protected] | 9.8 | 0.35% | 2020-03-19 | 2024-11-21 |
| CVE-2019-12126 | In ONAP DCAE through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | [email protected] | 9.8 | 0.35% | 2020-03-19 | 2024-11-21 |
| CVE-2019-12125 | In ONAP Logging through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | [email protected] | 9.8 | 0.35% | 2020-03-19 | 2024-11-21 |
| CVE-2019-12130 | In ONAP CLI through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | [email protected] | 9.8 | 0.43% | 2020-03-19 | 2024-11-21 |
| CVE-2019-12129 | In ONAP MSB through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | [email protected] | 9.8 | 0.43% | 2020-03-19 | 2024-11-21 |
| CVE-2019-12128 | In ONAP SO through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | [email protected] | 9.8 | 0.43% | 2020-03-19 | 2024-11-21 |
| CVE-2019-12132 | An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected. | [email protected] | 9.8 | 1.67% | 2020-03-18 | 2024-11-21 |
| CVE-2019-12131 | An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USER_ID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected. | [email protected] | 9.1 | 0.25% | 2020-03-18 | 2024-11-21 |
| CVE-2019-12124 | An issue was discovered in ONAP APPC before Dublin. By using an exposed unprotected Jolokia interface, an unauthenticated attacker can read or overwrite an arbitrary file. All APPC setups are affected. | [email protected] | 9.1 | 0.56% | 2020-03-18 | 2024-11-21 |
| CVE-2019-12123 | An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsXml with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected. | [email protected] | 8.8 | 0.67% | 2020-03-18 | 2024-11-21 |
| CVE-2019-12122 | An issue was discovered in ONAP Portal through Dublin. By executing a call to ONAPPORTAL/portalApi/loggedinUser, an attacker who possesses a user's cookie may retrieve that user's password from the database. All Portal setups are affected. | [email protected] | 6.5 | 0.15% | 2020-03-18 | 2024-11-21 |
| CVE-2019-12121 | An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId field, an attacker is able to decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected. | [email protected] | 7.5 | 0.15% | 2020-03-18 | 2024-11-21 |
| CVE-2019-12120 | An issue was discovered in ONAP VNFSDK through Dublin. By accessing port 8000 of demo-vnfsdk-vnfsdk, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | [email protected] | 9.8 | 1.15% | 2020-03-18 | 2024-11-21 |
| CVE-2019-12119 | An issue was discovered in ONAP SDC through Dublin. By accessing port 7000 of demo-sdc-sdc-wfd-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | [email protected] | 9.8 | 1.15% | 2020-03-18 | 2024-11-21 |
| CVE-2019-12118 | An issue was discovered in ONAP SDC through Dublin. By accessing port 7001 of demo-sdc-sdc-wfd-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | [email protected] | 9.8 | 1.15% | 2020-03-18 | 2024-11-21 |
| CVE-2019-12117 | An issue was discovered in ONAP SDC through Dublin. By accessing port 4001 of demo-sdc-sdc-onboarding-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | [email protected] | 9.8 | 1.15% | 2020-03-18 | 2024-11-21 |
| CVE-2019-12116 | An issue was discovered in ONAP SDC through Dublin. By accessing port 6000 of demo-sdc-sdc-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | [email protected] | 9.8 | 1.15% | 2020-03-18 | 2024-11-21 |
| CVE-2019-12115 | An issue was discovered in ONAP SDC through Dublin. By accessing port 4000 of demo-sdc-sdc-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | [email protected] | 9.8 | 1.15% | 2020-03-18 | 2024-11-21 |
| CVE-2019-12114 | An issue was discovered in ONAP HOLMES before Dublin. By accessing port 9202 of dep-holmes-engine-mgmt pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | [email protected] | 9.8 | 1.15% | 2020-03-18 | 2024-11-21 |
| CVE-2019-12113 | An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected. | [email protected] | 8.8 | 0.67% | 2020-03-18 | 2024-11-21 |