{"vulnerability": "CVE-2019-1212", "sightings": [{"uuid": "caa5c6bf-b111-4f3c-a7f0-105293e2827b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-12128", "type": "seen", "source": "https://t.me/cibsecurity/10627", "content": "ATENTION\u203c New - CVE-2019-12128\n\nIn ONAP SO through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-03-19T17:31:22.000000Z"}, {"uuid": "02c0da73-587a-4b86-a410-a4fce52055a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-12120", "type": "seen", "source": "https://t.me/cibsecurity/10592", "content": "ATENTION\u203c New - CVE-2019-12120\n\nAn issue was discovered in ONAP VNFSDK through Dublin. By accessing port 8000 of demo-vnfsdk-vnfsdk, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-03-18T21:31:15.000000Z"}, {"uuid": "f8edea22-a820-4c80-a799-af7583f555d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-12124", "type": "seen", "source": "https://t.me/cibsecurity/10588", "content": "ATENTION\u203c New - CVE-2019-12124\n\nAn issue was discovered in ONAP APPC before Dublin. By using an exposed unprotected Jolokia interface, an unauthenticated attacker can read or overwrite an arbitrary file. All APPC setups are affected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-03-18T21:31:10.000000Z"}, {"uuid": "6ef28712-5121-44b5-aeaf-df702c56c69d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-12121", "type": "seen", "source": "https://t.me/cibsecurity/10591", "content": "ATENTION\u203c New - CVE-2019-12121\n\nAn issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId field, an attacker is able to decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-03-18T21:31:14.000000Z"}, {"uuid": "e5806da5-ae42-4e74-9aa8-bbadc4dc2a49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-12123", "type": "seen", "source": "https://t.me/cibsecurity/10589", "content": "ATENTION\u203c New - CVE-2019-12123\n\nAn issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsXml with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-03-18T21:31:12.000000Z"}, {"uuid": "7d0b20d2-1dfe-4cdf-8b80-ca010cd1820c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-12122", "type": "seen", "source": "https://t.me/cibsecurity/10590", "content": "ATENTION\u203c New - CVE-2019-12122\n\nAn issue was discovered in ONAP Portal through Dublin. By executing a call to ONAPPORTAL/portalApi/loggedinUser, an attacker who possesses a user's cookie may retrieve that user's password from the database. All Portal setups are affected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-03-18T21:31:13.000000Z"}]}