CVE-2017-10668

Published: Jun 30, 2017Modified: May 13, 2026

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Under an MITM condition within the OSCI infrastructure, an attacker needs to send crafted protocol messages to analyse the CBC mode padding in order to decrypt the transport encryption.

Affected (2)

Products: Xoev: Osci Transport Library

1 product

Osci Transport Library

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Xoev Osci Transport Library	Version 1.6.1
Xoev Osci Transport Library	Version 1.6

Related CWEs

Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

References (3)

http://seclists.org/fulldisclosure/2017/Jun/44

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://blog.sec-consult.com/2017/06/german-e-government-details-vulnerabilities.html

Source: nvd@nist.gov

Technical DescriptionThird Party Advisory

http://seclists.org/fulldisclosure/2017/Jun/44

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.