PT-2020-9278 · Onap · Onap Operations Manager

Published 2020-03-18 · Updated 2021-07-21 · CVE-2019-12114

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ONAP HOLMES versions prior to Dublin
ONAP Operations Manager (OOM) (affected versions not specified)

Description

An issue was discovered in ONAP HOLMES. By accessing port 9202 of the dep-holmes-engine-mgmt pod, an unauthenticated attacker who already has access to pod-to-pod communication may execute arbitrary code inside that pod.

Recommendations

For ONAP HOLMES versions prior to Dublin, consider restricting access to port 9202 of the dep-holmes-engine-mgmt pod to minimize the risk of exploitation. For ONAP Operations Manager (OOM), at the moment, there is no information about a newer version that contains a fix for this vulnerability.
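
One way to apply the port restriction recommended above is a Kubernetes NetworkPolicy. This is an added example, not configuration from ONAP or from this advisory. The namespace, the `app` label key and every value written in capitals are placeholders to replace, and the policy assumes a network plugin that enforces NetworkPolicy and supports `endPort`.

```yaml
# Added example: limit who can reach TCP 9202 on the dep-holmes-engine-mgmt pod.
# Values in CAPITALS are placeholders (assumptions), not taken from the advisory.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: restrict-holmes-engine-mgmt-9202    # hypothetical policy name
  namespace: ONAP-NAMESPACE                 # placeholder: namespace of the pod
spec:
  # Select the dep-holmes-engine-mgmt pod. The label key "app" and its value
  # are assumptions; check the real labels with `kubectl get pods --show-labels`.
  podSelector:
    matchLabels:
      app: HOLMES-ENGINE-MGMT-LABEL
  policyTypes:
    - Ingress
  ingress:
    # Rule 1: port 9202 is reachable only from pods that carry an explicit
    # "trusted client" label in the same namespace (placeholder key and value).
    - from:
        - podSelector:
            matchLabels:
              ALLOWED-CLIENT-LABEL-KEY: ALLOWED-CLIENT-LABEL-VALUE
      ports:
        - protocol: TCP
          port: 9202
    # Rule 2: every other TCP port stays reachable from any source, so the
    # policy changes behaviour for 9202 only. Without this rule, selecting the
    # pod would deny all ingress that rule 1 does not allow.
    # UDP and SCTP are not listed and are therefore denied once the pod is selected.
    - ports:
        - protocol: TCP
          port: 1
          endPort: 9201
        - protocol: TCP
          port: 9203
          endPort: 65535
```

If no pod legitimately needs port 9202, drop rule 1 so that the port is unreachable from every other pod.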

Exploit

Missing Authentication


Weakness Enumeration

Related Identifiers

CVE-2019-12114

Affected Products

Onap Holmes
Onap Operations Manager