Marc Nimmerrichter

**Nome do software vulnerável e versões afetadas** Windows Docker (versões afetadas não especificadas) **Descrição** O problema está relacionado a uma vulnerabilidade de divulgação de informações no Windows Docker. Ela permite que invasores obtenham informações confidenciais e possam afetar o sistema. Não há informações disponíveis sobre o número estimado de dispositivos potencialmente afetados em todo o mundo nem sobre incidentes reais em que essa vulnerabilidade tenha sido explorada. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** OSCI Transport Library versions 1.6, 1.6.1 **Description** A Padding Oracle issue exists, allowing an attacker to decrypt transport encryption under a man-in-the-middle (MITM) condition within the OSCI infrastructure. The attacker must send crafted protocol messages to analyze the CBC mode padding. **Recommendations** For OSCI Transport Library version 1.6, update to a version that fixes the Padding Oracle issue. For OSCI Transport Library version 1.6.1, update to a version that fixes the Padding Oracle issue. As a temporary workaround, consider restricting access to the OSCI infrastructure to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OSCI Transport Library versions 1.6 through 1.6.1 **Description** The issue allows an attacker with access to unencrypted OSCI protocol messages to send crafted protocol messages with duplicate IDs, potentially exploiting the Signature Wrapping vulnerability in OSCI-Transport 1.2 as used in the OSCI Transport Library. **Recommendations** For OSCI Transport Library versions 1.6 through 1.6.1, consider implementing encryption for OSCI protocol messages to prevent unauthorized access and mitigate the risk of exploitation. As a temporary workaround, restrict access to unencrypted OSCI protocol messages until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OSCI Transport Library versions 1.6, 1.6.1 **Description** An XML External Entity (XXE) issue exists, which can be exploited by sending a crafted standard-conforming OSCI message from within the infrastructure. **Recommendations** For OSCI Transport Library version 1.6, consider disabling the XML parsing functionality until a patch is available. For OSCI Transport Library version 1.6.1, consider disabling the XML parsing functionality until a patch is available.