1.6.1

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

xoev

CWE-611

critical

NVD

Published: 2017-06-30

Updated: 2017-07-06

Summary

An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET), exploitable by sending a crafted standard-conforming OSCI message from within the infrastructure.

Vulnerable Configurations

Part	Description	Count
Application	Xoev Xoev Osci Transport Library 1.6.1 Xoev Osci Transport Library 1.6	2

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

http://seclists.org/fulldisclosure/2017/Jun/44
http://blog.sec-consult.com/2017/06/german-e-government-details-vulnerabilities.html