CVE-2017-10668

MEDIUM

Xoev Osci Transport Library - Broken Cryptographic Algorithm

Title source: rule

Description

A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Under an MITM condition within the OSCI infrastructure, an attacker needs to send crafted protocol messages to analyse the CBC mode padding in order to decrypt the transport encryption.

References (2)

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2017/Jun/44

[Technical Description, Third Party Advisory] http://blog.sec-consult.com/2017/06/german-e-government-details-vulnerabilities.html

Scores

CVSS v3 5.9

EPSS 0.0008

EPSS Percentile 23.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-327

Status published

Products (3)

xoev/osci_transport_library

n/a/n/a

Published Jun 30, 2017

Tracked Since Feb 18, 2026