VDB

GCVE-110-NCSC-2024-299

GCVE-110-NCSC-2024-299
Advisory PublishedCVSS 9.1/10
Vulnetix · Advisory published July 17, 2024
Er zijn kwetsbaarheden verholpen in Oracle Analytics.

Weaknesses (CWE)

CWE-776Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')CWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-787Out-of-bounds WriteCWE-674Uncontrolled RecursionCWE-426Untrusted Search PathCWE-400Uncontrolled Resource ConsumptionCWE-444Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')CWE-222Truncation of Security-relevant InformationCWE-476NULL Pointer DereferenceCWE-285Improper AuthorizationCWE-835Loop with Unreachable Exit Condition ('Infinite Loop')

Risk Scores

CVSS 3.1
9.1/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Products

VendorProductVersionsPlatforms
oracleanalytics_desktop

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,118 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›