cvedb.io
CVE-2017-10668
MEDIUM · CVSS 5.9
EPSS exploitation probability: 0%
Published 2017-06-30T12:29:00.213 · Last modified 2026-06-17T01:00:30.233

Summary

A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Under an MITM condition within the OSCI infrastructure, an attacker needs to send crafted protocol messages to analyse the CBC mode padding in order to decrypt the transport encryption.

Affected products

xoev — osci_transport_library

Does this affect you?

Add your gear to cvedb and we'll alert you only when xoev ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.