CVE-2019-12121

Published: Mar 18, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId field, an attacker is able to decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected.

Affected (1)

Products: Onap: Open Network Automation Platform

1 product

Open Network Automation Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Onap Open Network Automation Platform	From 3.0.0 to 4.0.0

Related CWEs

Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References (2)

https://jira.onap.org/browse/OJSI-92

Source: cve@mitre.org

ExploitPatchVendor Advisory

https://jira.onap.org/browse/OJSI-92

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

Timeline

No history available yet.