Lucene search
K

6 matches found

NVD
NVD
added 2026/05/26 9:16 p.m.16 views

CVE-2026-45575

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects uripukidpenc and...

7.4CVSS0.00118EPSS
Exploits0References2
CVE
CVE
added 2026/05/26 9:1 p.m.18 views

CVE-2026-45575

The CVE concerns the epa4all-client Java client for epa4all/ePA 3.0. Before 1.2.2, an attacker who can perform a TLS man-in-the-middle between the client and the IDP within the TI network can substitute a forged discovery document. This redirects uri_puk_idp_enc and uri_puk_idp_sig to attacker-co...

7.4CVSS5.8AI score0.00118EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 9:1 p.m.14 views

CVE-2026-45575

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects uripukidpenc and...

7.4CVSS5.8AI score0.00118EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/26 9:1 p.m.11 views

CVE-2026-45575 epa4all-client: Improper Verification of Cryptographic Signature

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects uripukidpenc and...

7.4CVSS5.8AI score0.00118EPSS
Exploits0References2
OSV
OSV
added 2026/05/15 6:30 p.m.5 views

GHSA-GQX7-6552-67HF Improper Verification of Cryptographic Signature in com.oviva.telematik:epa4all-client

Impact An attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects u ripukidpenc and uripukidpsig to attacker-controlled URLs. The client then encrypts the SMC-B-signed challenge respons...

7.4CVSS5.8AI score0.00118EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/15 6:30 p.m.13 views

Improper Verification of Cryptographic Signature in com.oviva.telematik:epa4all-client

Impact An attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects u ripukidpenc and uripukidpsig to attacker-controlled URLs. The client then encrypts the SMC-B-signed challenge respons...

7.4CVSS5.8AI score0.00118EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder