VDB

GCVE-110-NCSC-2024-294

GCVE-110-NCSC-2024-294
Advisory PublishedCVSS 7.5/10
Vulnetix · Advisory published July 17, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Weaknesses (CWE)

CWE-502Deserialization of Untrusted DataCWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-192Integer Coercion ErrorCWE-918Server-Side Request Forgery (SSRF)CWE-787Out-of-bounds WriteCWE-400Uncontrolled Resource ConsumptionCWE-404Improper Resource Shutdown or ReleaseCWE-295Improper Certificate ValidationCWE-444Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')CWE-222Truncation of Security-relevant InformationCWE-450Multiple Interpretations of UI InputCWE-284Improper Access ControlCWE-601URL Redirection to Untrusted Site ('Open Redirect')CWE-459Incomplete CleanupCWE-416Use After FreeCWE-20Improper Input ValidationCWE-835Loop with Unreachable Exit Condition ('Infinite Loop')CWE-476NULL Pointer DereferenceCWE-770Allocation of Resources Without Limits or ThrottlingCWE-352Cross-Site Request Forgery (CSRF)

Risk Scores

CVSS 3.1
7.5/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersionsPlatforms
oraclecommunications_asap

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›