VDB
GCVE-110-NCSC-2024-294
GCVE-110-NCSC-2024-294
Advisory PublishedCVSS 7.5/10
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Weaknesses (CWE)
CWE-502Deserialization of Untrusted DataCWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-192Integer Coercion ErrorCWE-918Server-Side Request Forgery (SSRF)CWE-787Out-of-bounds WriteCWE-400Uncontrolled Resource ConsumptionCWE-404Improper Resource Shutdown or ReleaseCWE-295Improper Certificate ValidationCWE-444Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')CWE-222Truncation of Security-relevant InformationCWE-450Multiple Interpretations of UI InputCWE-284Improper Access ControlCWE-601URL Redirection to Untrusted Site ('Open Redirect')CWE-459Incomplete CleanupCWE-416Use After FreeCWE-20Improper Input ValidationCWE-835Loop with Unreachable Exit Condition ('Infinite Loop')CWE-476NULL Pointer DereferenceCWE-770Allocation of Resources Without Limits or ThrottlingCWE-352Cross-Site Request Forgery (CSRF)
Risk Scores
CVSS 3.1
7.5/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| oracle | communications_asap | — | — |
Aliases
CVE-2019-10086CVE-2021-29425CVE-2021-37533CVE-2021-41184CVE-2022-34169CVE-2022-36033CVE-2022-42890CVE-2022-48174CVE-2023-24998CVE-2023-33201CVE-2023-37920CVE-2023-44487CVE-2023-46589CVE-2023-48795CVE-2023-51775CVE-2023-52425CVE-2023-5685CVE-2024-0450CVE-2024-22019CVE-2024-22201CVE-2024-22234CVE-2024-22257CVE-2024-22262CVE-2024-23672CVE-2024-23807CVE-2024-23897CVE-2024-24549CVE-2024-25062CVE-2024-25710CVE-2024-26130CVE-2024-26308CVE-2024-27316CVE-2024-28182CVE-2024-28752CVE-2024-28849CVE-2024-29025CVE-2024-2961CVE-2024-34064CVE-2024-34069CVE-2024-6162
References
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.