CVE-2017-10669

Published: Jun 30, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability: 3.9 / Impact: 2.5

Source: NVD

Description

Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). An attacker with access to unencrypted OSCI protocol messages must send crafted protocol messages with duplicate IDs.

Affected (2)

Products: Xoev: Osci Transport Library

1 product

Osci Transport Library

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Xoev Osci Transport Library	Version 1.6.1
Xoev Osci Transport Library	Version 1.6

Related CWEs

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (3)

http://seclists.org/fulldisclosure/2017/Jun/44

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://blog.sec-consult.com/2017/06/german-e-government-details-vulnerabilities.html

Source: nvd@nist.gov

Technical DescriptionThird Party Advisory

http://seclists.org/fulldisclosure/2017/Jun/44

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.