ONAP Security Advisories
- OSA-2019-026: AAF Secret Management Service allows access to all stored data
- OSA-2019-025: Unprotected APIs/UIs exposed in CLI project
- OSA-2019-024: Unprotected APIs/UIs exposed in MSB project
- OSA-2019-023: Unprotected APIs/UIs exposed in SO project
- OSA-2019-022: Unprotected APIs/UIs exposed in OOM project
- OSA-2019-021: Unprotected APIs/UIs exposed in DCAE project
- OSA-2019-020: Unprotected APIs/UIs exposed in Logging project
- OSA-2019-019: SDNC service allows for arbitrary code execution in sla/upload form
- OSA-2019-018: SQL Injections in Portal
- OSA-2019-017: Some ONAP services allow impersonating any user without authentication
- OSA-2019-016: ONAP Portal is vulnerable to a Padding Oracle attack
- OSA-2019-016: VNFSDK exposes JDWP port on localhost, which allows gaining root privileges inside the container
- OSA-2019-014: SDC exposes JDWP outside of pod which allows for arbitrary code execution
- OSA-2019-013: SDC exposes JDWP outside of pod which allows for arbitrary code execution
- OSA-2019-012: SDC exposes JDWP outside of pod which allows for arbitrary code execution
- OSA-2019-011: SDC exposes JDWP outside of pod which allows for arbitrary code execution
- OSA-2019-010: SDC exposes JDWP outside of pod which allows for arbitrary code execution
- OSA-2019-009: HOLMES exposes JDWP outside of pod which allows for arbitrary code execution
- OSA-2019-008: ONAP Portal allows retrieving the password of the currently active user
- OSA-2019-007: APPC exposes Jolokia interface, which allows reading and overwriting an arbitrary file
- OSA-2019-006: SDNC service allows for arbitrary code execution in sla/printAsGv form
- OSA-2019-005: SDNC service allows for arbitrary code execution in sla/printAsXml form
- OSA-2019-004: SDNC service allows for arbitrary code execution in sla/dgUpload form
- OSA-2019-003: SQL Injections in SDNC
- OSA-2019-002: SQL Injection in APPC
- OSA-2019-001: Number of XSS vulnerabilities in Portal