Arbitrary User Impersonation Vulnerability in ONAP APPC and SDC

Arbitrary User Impersonation Vulnerability in ONAP APPC and SDC

CVE-2019-12131 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USER_ID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected.

Learn more about our User Device Pen Test.