CVE-2019-12113

Name of the Vulnerable Software and Affected Versions ONAP SDNC versions prior to Dublin

Description An issue was discovered in ONAP SDNC where an authenticated user can execute an arbitrary command by executing sla/printAsGv with a crafted module parameter. All SDC setups that include admportal are affected.

Recommendations For versions prior to Dublin, consider disabling the sla/printAsGv functionality until a patch is available. Restrict access to the admportal module to minimize the risk of exploitation. Avoid using crafted module parameters in the affected setup until the issue is resolved.