Oviva-ag Epa4all-client
4 CVEs affecting Oviva-ag Epa4all-client. Latest disclosed: 2026-05-26. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-45574 | High | 8.1 | 2026-05-26 | epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the ePA service… |
CVE-2026-44900 | High | 8.1 | 2026-05-26 | epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted(), the… |
CVE-2026-45575 | High | 7.4 | 2026-05-26 | epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the… |
CVE-2026-47672 | Medium | 6.5 | 2026-05-26 | epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary… |