Описание
An issue was discovered in ONAP HOLMES before Dublin. By accessing port 9202 of dep-holmes-engine-mgmt pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.
Ссылки
- ExploitPatchVendor Advisory
- ExploitPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.0.0 (исключая)
cpe:2.3:a:onap:open_network_automation_platform:*:*:*:*:*:*:*:*
EPSS
Процентиль: 78%
0.01146
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-306
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered in ONAP HOLMES before Dublin. By accessing port 9202 of dep-holmes-engine-mgmt pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.
EPSS
Процентиль: 78%
0.01146
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-306