CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-10670

An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET), exploitable by sending a crafted standard-conforming OSCI message from within the infrastructure.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 57.9%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

http://seclists.org/fulldisclosure/2017/Jun/44
http://blog.sec-consult.com/2017/06/german-e-government-details-vulnerabilities.html
http://seclists.org/fulldisclosure/2017/Jun/44

Products affected by CVE-2017-10670

Xoev » Osci Transport Library » Version: 1.6

cpe:2.3:a:xoev:osci_transport_library:1.6
Xoev » Osci Transport Library » Version: 1.6.1

cpe:2.3:a:xoev:osci_transport_library:1.6.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-10670

Products

Pricing

Contact Us