Onap Open Network Automation Platform — known CVE vulnerabilities
Every CVE whose affected-product data names Onap Open Network Automation Platform, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (21)
CVE-2019-12112 — CVSS 9.8 (critical): An issue was discovered in ONAP SDNC before Dublin. By executing sla/upload with a crafted filename parameter, an unauthenticated attacker…
CVE-2019-12126 — CVSS 9.8 (critical): In ONAP DCAE through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an…
CVE-2019-12127 — CVSS 9.8 (critical): In ONAP OOM through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an…
CVE-2019-12128 — CVSS 9.8 (critical): In ONAP SO through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an…
CVE-2019-12129 — CVSS 9.8 (critical): In ONAP MSB through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an…
CVE-2019-12130 — CVSS 9.8 (critical): In ONAP CLI through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an…
CVE-2019-12132 — CVSS 9.8 (critical): An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filename parameter, an unauthenticated…
CVE-2019-12114 — CVSS 9.8 (critical): An issue was discovered in ONAP HOLMES before Dublin. By accessing port 9202 of dep-holmes-engine-mgmt pod, an unauthenticated attacker…
CVE-2019-12115 — CVSS 9.8 (critical): An issue was discovered in ONAP SDC through Dublin. By accessing port 4000 of demo-sdc-sdc-be pod, an unauthenticated attacker (who already…
CVE-2019-12116 — CVSS 9.8 (critical): An issue was discovered in ONAP SDC through Dublin. By accessing port 6000 of demo-sdc-sdc-fe pod, an unauthenticated attacker (who already…
CVE-2019-12117 — CVSS 9.8 (critical): An issue was discovered in ONAP SDC through Dublin. By accessing port 4001 of demo-sdc-sdc-onboarding-be pod, an unauthenticated attacker…
CVE-2019-12118 — CVSS 9.8 (critical): An issue was discovered in ONAP SDC through Dublin. By accessing port 7001 of demo-sdc-sdc-wfd-be pod, an unauthenticated attacker (who…
CVE-2019-12119 — CVSS 9.8 (critical): An issue was discovered in ONAP SDC through Dublin. By accessing port 7000 of demo-sdc-sdc-wfd-fe pod, an unauthenticated attacker (who…
CVE-2019-12120 — CVSS 9.8 (critical): An issue was discovered in ONAP VNFSDK through Dublin. By accessing port 8000 of demo-vnfsdk-vnfsdk, an unauthenticated attacker (who…
CVE-2019-12125 — CVSS 9.8 (critical): In ONAP Logging through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an…
CVE-2019-12124 — CVSS 9.1 (critical): An issue was discovered in ONAP APPC before Dublin. By using an exposed unprotected Jolokia interface, an unauthenticated attacker can read…
CVE-2019-12131 — CVSS 9.1 (critical): An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USER_ID parameter in an HTTP header, an attacker may…
CVE-2019-12113 — CVSS 8.8 (high): An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module parameter, an authenticated user can…
CVE-2019-12123 — CVSS 8.8 (high): An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsXml with a crafted module parameter, an authenticated user can…
CVE-2019-12121 — CVSS 7.5 (high): An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId…
CVE-2019-12122 — CVSS 6.5 (medium): An issue was discovered in ONAP Portal through Dublin. By executing a call to ONAPPORTAL/portalApi/loggedinUser, an attacker who possesses…