**Date:** 2019-05-28 **ID:** OSA-2019-009
**Title:** HOLMES exposes JDWP outside of pod which allows for arbitrary code execution **CVE:** CVE-2019-12114 **Severity:** Critical Affects ------- * HOLMES: before Dublin Description ----------- Radosław Żeszczuk from Samsung reported vulnerability in HOLMES. By accessing port 9202 of dep-holmes-engine-mgmt pod an unauthenticated attacker who already has access to pod to pod communication may execute arbitrary code inside this pod. All OOM ONAP setups which includes HOLMES are affected. Patches ------- * `87090 <https://gerrit.onap.org/r/#/c/holmes/engine-management/+/87090/>`_ Credits ------- * Radosław Żeszczuk from Samsung References ---------- * `OJSI-66 <https://jira.onap.org/browse/OJSI-66>`_ * `CVE-2019-12114 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12114>`_ -- Krzysztof Opasiak Samsung R&D Institute Poland Samsung Electronics -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#17264): https://lists.onap.org/g/onap-discuss/message/17264 Mute This Topic: https://lists.onap.org/mt/31822555/21656 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
