Описание
Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). An attacker with access to unencrypted OSCI protocol messages must send crafted protocol messages with duplicate IDs.
Ссылки
- Mailing ListThird Party Advisory
- Technical DescriptionThird Party Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:xoev:osci_transport_library:1.6:*:*:*:.net:*:*:*
cpe:2.3:a:xoev:osci_transport_library:1.6.1:*:*:*:java:*:*:*
EPSS
Процентиль: 33%
0.00131
Низкий
6.5 Medium
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-347
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). An attacker with access to unencrypted OSCI protocol messages must send crafted protocol messages with duplicate IDs.
EPSS
Процентиль: 33%
0.00131
Низкий
6.5 Medium
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-347