CVE-2019-12112

Name of the Vulnerable Software and Affected Versions ONAP SDNC versions prior to Dublin

Description An issue was discovered in ONAP SDNC where an unauthenticated attacker can execute an arbitrary command by executing sla/upload with a crafted filename parameter. All SDC setups that include admportal are affected.

Recommendations For versions prior to Dublin, consider disabling the sla/upload functionality until a patch is available. Restrict access to the admportal to minimize the risk of exploitation. Avoid using crafted filename parameters in the affected endpoint until the issue is resolved.