Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
onap open network automation platform vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-12118
An issue exists in ONAP SDC through Dublin. By accessing port 7001 of demo-sdc-sdc-wfd-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.
Onap Open Network Automation Platform
9.8
CVSSv3
CVE-2019-12120
An issue exists in ONAP VNFSDK through Dublin. By accessing port 8000 of demo-vnfsdk-vnfsdk, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.
Onap Open Network Automation Platform
9.8
CVSSv3
CVE-2019-12114
An issue exists in ONAP HOLMES before Dublin. By accessing port 9202 of dep-holmes-engine-mgmt pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.
Onap Open Network Automation Platform
9.8
CVSSv3
CVE-2019-12115
An issue exists in ONAP SDC through Dublin. By accessing port 4000 of demo-sdc-sdc-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.
Onap Open Network Automation Platform
9.8
CVSSv3
CVE-2019-12117
An issue exists in ONAP SDC through Dublin. By accessing port 4001 of demo-sdc-sdc-onboarding-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected...
Onap Open Network Automation Platform
9.1
CVSSv3
CVE-2019-12131
An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USER_ID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected.
Onap Open Network Automation Platform
9.1
CVSSv3
CVE-2019-12124
An issue exists in ONAP APPC before Dublin. By using an exposed unprotected Jolokia interface, an unauthenticated attacker can read or overwrite an arbitrary file. All APPC setups are affected.
Onap Open Network Automation Platform
8.8
CVSSv3
CVE-2019-12113
An issue exists in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected.
Onap Open Network Automation Platform
8.8
CVSSv3
CVE-2019-12123
An issue exists in ONAP SDNC before Dublin. By executing sla/printAsXml with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected.
Onap Open Network Automation Platform
7.5
CVSSv3
CVE-2019-12121
An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId field, an attacker is able to decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected.
Onap Open Network Automation Platform
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »