22 matches found
CVE-2026-33875
Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update...
CVE-2026-33875
Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update...
CVE-2026-33874
Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0 and prior to version 4.16.0, the Mac OS version of the Authenticator is vulnerable to remote code execution, triggered when victims open a malicious file. Update the gematik...
CVE-2026-33875
Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update...
EUVD-2026-16817
Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update...
CVE-2026-33875 Authenticator Vulnerable to Authentication Flow Hijack
Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update...
CVE-2026-33875
Gematik Authenticator (software component for digital health login) is affected. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing an attacker to authenticate as a victim who clicks a malicious deep link. Root cause is not explicitly detailed beyond th...
CVE-2026-33875 Authenticator Vulnerable to Authentication Flow Hijack
Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update...
CVE-2026-33875 Authenticator Vulnerable to Authentication Flow Hijack
Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update...
CVE-2026-33874 Authenticator vulnerable to Remote Code Execution
Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0 and prior to version 4.16.0, the Mac OS version of the Authenticator is vulnerable to remote code execution, triggered when victims open a malicious file. Update the gematik...
CVE-2026-33874 Authenticator vulnerable to Remote Code Execution
Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0 and prior to version 4.16.0, the Mac OS version of the Authenticator is vulnerable to remote code execution, triggered when victims open a malicious file. Update the gematik...
CVE-2026-33874 Authenticator vulnerable to Remote Code Execution
Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0 and prior to version 4.16.0, the Mac OS version of the Authenticator is vulnerable to remote code execution, triggered when victims open a malicious file. Update the gematik...
CVE-2026-33874
The issue concerns the Mac OS version of the gematik Authenticator. From version 4.12.0 up to, but not including, 4.16.0, it is affected by a remote code execution vulnerability triggered when a user opens a malicious file. The vulnerability’s impact is rated high with local access and user inter...
EUVD-2026-16816
Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0 and prior to version 4.16.0, the Mac OS version of the Authenticator is vulnerable to remote code execution, triggered when victims open a malicious file. Update the gematik...
CVE-2026-33874
Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0 and prior to version 4.16.0, the Mac OS version of the Authenticator is vulnerable to remote code execution, triggered when victims open a malicious file. Update the gematik...
PT-2026-28546
Name of the Vulnerable Software and Affected Versions Gematik Authenticator versions prior to 4.16.0 Description Gematik Authenticator is used to securely authenticate users for login to digital health applications. Versions prior to 4.16.0 are susceptible to authentication flow hijacking. An...
PT-2026-28545
Name of the Vulnerable Software and Affected Versions Gematik Authenticator versions 4.12.0 through 4.15.9 Description The Gematik Authenticator, used for secure user authentication in digital health applications, has a flaw on Mac OS systems. Opening a specially crafted file can lead to remote...
CVE-2024-46984 XML External Entity Reference (XXE) vulnerability can lead to a Server Side Request Forgery attack in gematik app-referencevalidator
The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons package is vulnerable to XML External Entities attack due to insecure defaults of the used Woodstox...
Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack
Impact The profile location routine in the referencevalidator commons package is vulnerable to XML External Entities attack due to insecure defaults of the used Woodstox WstxInputFactory. A malicious XML resource can lead to network requests issued by referencevalidator and thus to a Server Side...
de.gematik.bbriccs:bricks-integration-coverage (=0.1.9), de.gematik.bbriccs:fd-fhir-client-brick (=0.1.9) +18 more potentially affected by CVE-2024-46984 via de.gematik.refv.commons:commons (>=0.1.3 <=2.5.0)
de.gematik.refv.commons:commons MAVEN version =0.1.3, =0.1.9, =0.1.9, =2.1.0, =1.0.0, =0.6.0, =0.3.0, =0.1.3, =0.5.0, =0.5.0, =0.4.1, =0.1.3, =0.3.0 and more Source cves: CVE-2024-46984 Source advisory: OSV:GHSA-68J8-FP38-P48Q...