2 matches found
CVE-2026-45575
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects uripukidpenc and...
PT-2026-43414
Name of the Vulnerable Software and Affected Versions epa4all-client versions prior to 1.2.5 Description Any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In misconfigured deployments, such as those...