Описание
An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USER_ID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected.
Ссылки
- ExploitPatchVendor Advisory
- ExploitPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.0.0 (включая) до 4.0.0 (исключая)
cpe:2.3:a:onap:open_network_automation_platform:*:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00297
Низкий
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-290
Связанные уязвимости
github
больше 3 лет назад
An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USER_ID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected.
EPSS
Процентиль: 53%
0.00297
Низкий
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-290