Common Vulnerabilities and Exposures (CVE)
Scope
This page provides background and status of CVE handling by the O-RAN Software Community.
Background
The MITRE CVE database is a publicly accessible repository that catalogs known cybersecurity vulnerabilities and exposures. Managed by MITRE, it assigns each identified vulnerability a unique CVE-ID, which provides a standardized reference for security professionals worldwide. This consistent naming and classification system helps organizations quickly identify, assess, and address security risks across various software and hardware systems.
Position of O-RAN Software Community
Each O-RAN Software Community project is driven by contributions from experts whose knowledge, experience, and available time are essential to our efforts. Consequently, while addressing Common Vulnerabilities and Exposures (CVEs) is of great interest, we cannot guarantee that every identified vulnerability will be fully analyzed, processed, or resolved.
Moreover, it is important to note that not all O-RAN-SC projects are designed to be production-ready; as such, there is no explicit commitment to focusing on security aspects. Users deploying these software artifacts in production environments are encouraged to review, update, and adapt the code and associated processes in line with their own security policies and practices.
Several O-RAN SC projects are scanned by SonarCloud; the results are publicly available [1][2].
References