Published: 30/06/2017 Updated: 06/07/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET), exploitable by sending a crafted standard-conforming OSCI message from within the infrastructure.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xoev osci transport library 1.6.1
xoev osci transport library 1.6

German e-gov protocol carries ancient vulns

The Register • Richard Chirgwin • 03 Jul 2017

Dies ist eine Chaos

Germany's e-government system is open to padding oracle attacks and other vulnerabilities because of an insecure communications protocol. According to this SEC-Consult advisory, which landed on Friday, the problems are in the OSCI-Transport Library version 1.2, for which a common implementation is in Java. OSCI, the Online Services Computer Interface, is the foundation of Germany's e-government. It's meant to provide secure, confidential, and legally-binding transmission over untrusted networks ...

CVE-2017-10670

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect