VDB

GCVE-110-NCSC-2024-414

GCVE-110-NCSC-2024-414
Advisory PublishedCVSS 7.5/10
Vulnetix · Advisory published October 17, 2024
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Weaknesses (CWE)

CWE-400Uncontrolled Resource ConsumptionCWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')CWE-787Out-of-bounds WriteCWE-835Loop with Unreachable Exit Condition ('Infinite Loop')CWE-444Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-195Signed to Unsigned Conversion ErrorCWE-834Excessive IterationCWE-61UNIX Symbolic Link (Symlink) FollowingCWE-94Improper Control of Generation of Code ('Code Injection')CWE-770Allocation of Resources Without Limits or ThrottlingCWE-407Inefficient Algorithmic ComplexityCWE-222Truncation of Security-relevant InformationCWE-450Multiple Interpretations of UI InputCWE-772Missing Release of Resource after Effective LifetimeCWE-88Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')CWE-606Unchecked Input for Loop ConditionCWE-116Improper Encoding or Escaping of OutputCWE-674Uncontrolled RecursionCWE-404Improper Resource Shutdown or ReleaseCWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')CWE-20Improper Input ValidationCWE-125Out-of-bounds ReadCWE-284Improper Access ControlCWE-601URL Redirection to Untrusted Site ('Open Redirect')CWE-459Incomplete CleanupCWE-416Use After FreeCWE-345Insufficient Verification of Data AuthenticityCWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-918Server-Side Request Forgery (SSRF)CWE-126Buffer Over-readCWE-466Return of Pointer Value Outside of Expected RangeCWE-755Improper Handling of Exceptional ConditionsCWE-130Improper Handling of Length Parameter InconsistencyCWE-669Incorrect Resource Transfer Between SpheresCWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-427Uncontrolled Search Path ElementCWE-190Integer Overflow or Wraparound

Risk Scores

CVSS 3.1
7.5/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersionsPlatforms
oraclecommunications_convergence
oraclecommunications_offline_mediation_controller
oraclecommunications_cloud_native_core_unified_data_repository
oraclecommunications_billing_and_revenue_management
oraclecommunications_cloud_native_core_network_function_cloud_native_environment
oraclecommunications_services_gatekeeper
oraclecommunications___23.4.6
oraclecommunications_instant_messaging_server
oraclecommunications_cloud_native_core_policy
oraclecommunications_unified_assurance
oraclecommunications_eagle_software
oraclecommunications_applications___12.0.6.0.0
oraclecommunications___24.2.0
oraclecommunications___8.6.0.8
oraclecommunications_session_report_manager
oraclecommunications_cloud_native_core_network_repository_function
oraclecommunications_eagle_ftp_table_base_retrieval
oraclecommunications___9.0.2
oraclecommunications_pricing_design_center
oraclecommunications_webrtc_session_controller
oraclecommunications_performance_intelligence
oraclecommunications_brm_-_elastic_charging_engine
oraclecommunications_diameter_intelligence_hub
oraclecommunications_cloud_native_core_automated_test_suite
oraclecommunications_ip_service_activator
oraclecommunications_converged_application_server_-_service_controller
oraclecommunications_cloud_native_core_network_exposure_function
oraclecommunications_contacts_server
oraclecommunications_converged_application_server
oraclecommunications_messaging_server
oraclecommunications_user_data_repository
oraclecommunications_network_integrity
oraclecommunications_converged_charging_system
oraclecommunications_asap
oraclecommunications_session_route_manager
oraclecommunications_eagle_element_management_system
oraclecommunications_service_catalog_and_design
oraclecommunications_cloud_native_core_security_edge_protection_proxy
oraclecommunications___23.4.4
oraclecommunications_performance_intelligence_center__pic__software
oraclecommunications_data_model
oraclecommunications_fraud_monitor
oraclecommunications_lsms
oraclecommunications_eagle_application_processor
oraclecommunications_evolved_communications_application_server
oraclecommunications_session_border_controller
oraclecommunications_cloud_native_core_dbtier
oraclecommunications_cloud_native_configuration_console
oraclecommunications_design_studio
oraclecommunications
oraclecommunications_network_analytics_data_director
oraclecommunications_cloud_native_core_service_communication_proxy
oraclecommunications_convergent_charging_controller
oraclecommunications_applications___6.0.4
oraclecommunications___23.4.5
oraclecommunications__10.4.0.4
oraclecommunications_cloud_native_core_binding_support_function
oraclecommunications_session_router
oraclecommunications_network_charging_and_control
oraclecommunications_elastic_charging_engine
oraclecommunications___8.6.0.6
oraclecommunications_subscriber-aware_load_balancer
oraclecommunications_cloud_native_core_certificate_management
oraclecommunications_core_session_manager
oraclecommunications_interactive_session_recorder
oraclecommunications___9.0.3
oraclecommunications_order_and_service_management
oraclecommunications_unified_session_manager
oraclecommunications_applications___5.5.22
oraclecommunications_eagle_lnp_application_processor
oraclecommunications_performance_intelligence_center
oraclecommunications_applications___6.0.5
oraclecommunications_operations_monitor
oraclecommunications_metasolv_solution
oraclecommunications___23.4.2
oraclecommunications_applications
oraclecommunications_diameter_signaling_router
oraclecommunications_cloud_native_core_network_slice_selection_function
oraclecommunications___7.2.1.0.0
oraclecommunications___9.1.1.8.0
oraclecommunications_cloud_native_core_console
oraclecommunications_calendar_server
oraclecommunications_cloud_native_core_network_data_analytics_function
oraclecommunications_element_manager
oraclecommunications_unified_inventory_management
oraclecommunications_policy_management
oraclecommunications_applications___6.0.3
oraclecommunications___23.4.3

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›