Document OJSI-78 (CVE-2019-12117) vulnerability

Issue-ID: OJSI-78
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ib1c58719d3d33d47b5e237fb21deae1101940bcd

diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index 84947c6..c03516a 100644 (file)
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -104,6 +104,7 @@ Security Notes
 -  [`OJSI-31 <https://jira.onap.org/browse/OJSI-31>`__\ ] - Unsecured Swagger UI Interface in sdc-wfd-be
 -  CVE-2019-12115 [`OJSI-76 <https://jira.onap.org/browse/OJSI-76>`__\ ] - demo-sdc-sdc-be exposes JDWP on port 4000 which allows for arbitrary code execution
 -  CVE-2019-12116 [`OJSI-77 <https://jira.onap.org/browse/OJSI-77>`__\ ] - demo-sdc-sdc-fe exposes JDWP on port 6000 which allows for arbitrary code execution
+-  CVE-2019-12117 [`OJSI-78 <https://jira.onap.org/browse/OJSI-78>`__\ ] - demo-sdc-sdc-onboarding-be exposes JDWP on port 4001 which allows for arbitrary code execution
 
 *Known Vulnerabilities in Used Modules*