6.5
CVE-2017-10669
- EPSS 0.49%
- Veröffentlicht 30.06.2017 12:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginSignature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). An attacker with access to unencrypted OSCI protocol messages must send crafted protocol messages with duplicate IDs.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Xoev ≫ Osci Transport Library Version1.6 SwEdition.net
Xoev ≫ Osci Transport Library Version1.6.1 SwEditionjava
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.49% | 0.38 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 3.9 | 2.5 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:P/I:P/A:N
|
CWE-347 Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
http://seclists.org/fulldisclosure/2017/Jun/44
http://blog.sec-consult.com/2017/06/german-e-government-details-vulnerabilities.html