CVE-2019-12118

Name of the Vulnerable Software and Affected Versions ONAP SDC versions through Dublin ONAP Operations Manager (OOM) setups (affected versions not specified)

Description An issue was discovered in ONAP SDC, allowing an unauthenticated attacker with access to pod-to-pod communication to execute arbitrary code inside the demo-sdc-sdc-wfd-be pod by accessing port 7001.

Recommendations For ONAP SDC versions through Dublin, consider restricting access to port 7001 of the demo-sdc-sdc-wfd-be pod to prevent exploitation. For ONAP Operations Manager (OOM) setups, at the moment, there is no information about a newer version that contains a fix for this vulnerability.