1. Task OJSI-92
    ONAP Portal is vulnerable for Padding Oracle attack (CVE-2019-12121)
  2. Task OJSI-153
    multicloud-pike exposes plain text HTTP endpoint using port 30296
  3. Task OJSI-149
    multicloud-vio exposes plain text HTTP endpoint using port 30292
  4. Task OJSI-150
    multicloud-ocata exposes plain text HTTP endpoint using port 30293
  5. Task OJSI-151
    multicloud-windriver exposes plain text HTTP endpoint using port 30294
  6. Task OJSI-130
    multicloud-azure exposes plain text HTTP endpoint using port 30261
  7. Task OJSI-148
    multicloud exposes plain text HTTP endpoint using port 30291
  8. Task OJSI-65
    ONAP Portal allows to retrieve password of currently active user (CVE-2019-12122)
  9. Task OJSI-25
    SQL Injection in APPC (CVE-2019-12316)
  10. Task OJSI-166
    Port 30290 exposes unprotected service outside of cluster
  11. Task OJSI-119
    vid exposes plain text HTTP endpoint using port 30238
  12. Task OJSI-183
    sdnc exposes ssh service on port 30208
  13. Task OJSI-99
    sdnc exposes plain text HTTP endpoint using port 30202
  14. Task OJSI-31
    Unsecured Swagger UI Interface in sdc-wfd-be
  15. Sub-task OJSI-167
    Port 32010 exposes unprotected service outside of cluster
  16. Task OJSI-113
    appc exposes plain text HTTP endpoint using port 30230
  17. Task OJSI-161
    xdcae-tca-analytics exposes plain text HTTP endpoint using port 32010
  18. Task OJSI-201
    DCAE TCA exposes unprotected APIs/UIs (CVE-2019-12126)
  19. Task OJSI-79
    demo-sdc-sdc-wfd-be exposes JDWP on port 7001 which allows for arbitrary code execution (CVE-2019-12118)
  20. Task OJSI-80
    demo-sdc-sdc-wfd-fe exposes JDWP on port 7000 which allows for arbitrary code execution (CVE-2019-12119)
  21. Task OJSI-77
    demo-sdc-sdc-fe exposes JDWP on port 6000 which allows for arbitrary code execution (CVE-2019-12116)
  22. Task OJSI-78
    demo-sdc-sdc-onboarding-be exposes JDWP on port 4001 which allows for arbitrary code execution (CVE-2019-12117)
  23. Task OJSI-76
    demo-sdc-sdc-be exposes JDWP on port 4000 which allows for arbitrary code execution (CVE-2019-12115)
  24. Task OJSI-100
    sdnc-dgbuilder exposes plain text HTTP endpoint using port 30203
  25. Task OJSI-98
    sdnc-portal exposes plain text HTTP endpoint using port 30201
  26. Task OJSI-109
    xdcae-datafile-collector exposes plain text HTTP endpoint using port 30223
  27. Task OJSI-28
    Unsecured Swagger UI Interface in xdcae-datafile-collector
  28. Sub-task OJSI-208
    XSS Vulnerability fix in RoleManageController
  29. Task OJSI-131
    dcae-datafile-collector exposes plain text HTTP endpoint using port 30262
  30. Sub-task OJSI-43
    SDNC service allows for arbitrary code execution in sla/printAsGv form (CVE-2019-12113)
  31. Sub-task OJSI-42
    SDNC service allows for arbitrary code execution in sla/printAsXml form (CVE-2019-12123)
  32. Sub-task OJSI-41
    SDNC service allows for arbitrary code execution in sla/dgUpload form (CVE-2019-12132)
  33. Task OJSI-199
    SDNC service allows for arbitrary code execution in sla/upload form (CVE-2019-12112)
  34. Task OJSI-40
    SDNC service allows for arbitrary code execution
  35. Task OJSI-15
    XSS vulnerabilities in ONAP Portal (CVE-2019-12317)
  36. Sub-task OJSI-168
    Port 30270 exposes unprotected service outside of cluster
  37. Task OJSI-34
    Multiple SQL Injection issues in SDNC
  38. Task OJSI-196
    cds-ui exposes plain text HTTP endpoint using port 30497
  39. Task OJSI-30
    Unsecured Swagger UI Interface in xdcae-ves-collector
  40. Task OJSI-91
    SDNC exposes unprotected API for user creation
Refresh results