PatchSiren

oviva-ag CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH oviva-ag CVE published 2026-05-26

CVE-2026-45574

epa4all-client versions prior to 1.2.2 fail to validate TLS certificates when connecting to the Konnektor, enabling network-path attackers to intercept sensitive healthcare communications. The vulnerability allows presentation of arbitrary certificates—self-signed, expired, or with incorrect common names—without rejection by the client. This TLS verification bypass exposes patient identifiers (KVNR), SMC- [truncated]

MEDIUM oviva-ag CVE published 2026-05-26

CVE-2026-47672

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment (e.g., following the production Docker example in the README), this is exploitable from the local network without credentials.

HIGH oviva-ag CVE published 2026-05-26

CVE-2026-45575

epa4all-client versions prior to 1.2.2 are vulnerable to a man-in-the-middle (MITM) attack targeting the TLS connection between the client and the Identity Provider (IDP) within the Telematik Infrastruktur (TI) network. An attacker positioned to intercept this connection can substitute a forged discovery document that redirects the `uri_puk_idp_enc` and `uri_puk_idp_sig` endpoints to attacker-controlled U [truncated]