Package impact
MAVEN / com.oviva.telematik:epa4all-client
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44900 | high | 8.1 | 8.1 | 4d ago | epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted(), the ECDSA signature verification at line 45… | |||
| CVE-2026-45574 | high | 8.1 | 8.1 | 4d ago | epa4all-client: TLS Certificate Validation Disabled in Production | |||
| CVE-2026-45575 | high | 7.4 | 7.4 | 4d ago | epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP (within the TI netwo… |