CVE-2019-12128

Name of the Vulnerable Software and Affected Versions ONAP SO through Dublin ONAP Operations Manager (OOM) setups (affected versions not specified)

Description The issue allows an attacker to gain full access to ONAP services without authentication by accessing specific ports, including 30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271. All ONAP Operations Manager setups are affected.

Recommendations For ONAP SO through Dublin, restrict access to the specified ports (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271) to prevent unauthorized access. For ONAP Operations Manager (OOM) setups, consider implementing additional authentication mechanisms to prevent full access to services without proper credentials. At the moment, there is no information about a newer version that contains a fix for this vulnerability.