VDB
GCVE-110-NCSC-2024-414
GCVE-110-NCSC-2024-414
Advisory PublishedCVSS 7.5/10
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Weaknesses (CWE)
CWE-400Uncontrolled Resource ConsumptionCWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')CWE-787Out-of-bounds WriteCWE-835Loop with Unreachable Exit Condition ('Infinite Loop')CWE-444Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-195Signed to Unsigned Conversion ErrorCWE-834Excessive IterationCWE-61UNIX Symbolic Link (Symlink) FollowingCWE-94Improper Control of Generation of Code ('Code Injection')CWE-770Allocation of Resources Without Limits or ThrottlingCWE-407Inefficient Algorithmic ComplexityCWE-222Truncation of Security-relevant InformationCWE-450Multiple Interpretations of UI InputCWE-772Missing Release of Resource after Effective LifetimeCWE-88Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')CWE-606Unchecked Input for Loop ConditionCWE-116Improper Encoding or Escaping of OutputCWE-674Uncontrolled RecursionCWE-404Improper Resource Shutdown or ReleaseCWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')CWE-20Improper Input ValidationCWE-125Out-of-bounds ReadCWE-284Improper Access ControlCWE-601URL Redirection to Untrusted Site ('Open Redirect')CWE-459Incomplete CleanupCWE-416Use After FreeCWE-345Insufficient Verification of Data AuthenticityCWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-918Server-Side Request Forgery (SSRF)CWE-126Buffer Over-readCWE-466Return of Pointer Value Outside of Expected RangeCWE-755Improper Handling of Exceptional ConditionsCWE-130Improper Handling of Length Parameter InconsistencyCWE-669Incorrect Resource Transfer Between SpheresCWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-427Uncontrolled Search Path ElementCWE-190Integer Overflow or Wraparound
Risk Scores
CVSS 3.1
7.5/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| oracle | communications_convergence | — | — |
| oracle | communications_offline_mediation_controller | — | — |
| oracle | communications_cloud_native_core_unified_data_repository | — | — |
| oracle | communications_billing_and_revenue_management | — | — |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | — | — |
| oracle | communications_services_gatekeeper | — | — |
| oracle | communications___23.4.6 | — | — |
| oracle | communications_instant_messaging_server | — | — |
| oracle | communications_cloud_native_core_policy | — | — |
| oracle | communications_unified_assurance | — | — |
| oracle | communications_eagle_software | — | — |
| oracle | communications_applications___12.0.6.0.0 | — | — |
| oracle | communications___24.2.0 | — | — |
| oracle | communications___8.6.0.8 | — | — |
| oracle | communications_session_report_manager | — | — |
| oracle | communications_cloud_native_core_network_repository_function | — | — |
| oracle | communications_eagle_ftp_table_base_retrieval | — | — |
| oracle | communications___9.0.2 | — | — |
| oracle | communications_pricing_design_center | — | — |
| oracle | communications_webrtc_session_controller | — | — |
| oracle | communications_performance_intelligence | — | — |
| oracle | communications_brm_-_elastic_charging_engine | — | — |
| oracle | communications_diameter_intelligence_hub | — | — |
| oracle | communications_cloud_native_core_automated_test_suite | — | — |
| oracle | communications_ip_service_activator | — | — |
| oracle | communications_converged_application_server_-_service_controller | — | — |
| oracle | communications_cloud_native_core_network_exposure_function | — | — |
| oracle | communications_contacts_server | — | — |
| oracle | communications_converged_application_server | — | — |
| oracle | communications_messaging_server | — | — |
| oracle | communications_user_data_repository | — | — |
| oracle | communications_network_integrity | — | — |
| oracle | communications_converged_charging_system | — | — |
| oracle | communications_asap | — | — |
| oracle | communications_session_route_manager | — | — |
| oracle | communications_eagle_element_management_system | — | — |
| oracle | communications_service_catalog_and_design | — | — |
| oracle | communications_cloud_native_core_security_edge_protection_proxy | — | — |
| oracle | communications___23.4.4 | — | — |
| oracle | communications_performance_intelligence_center__pic__software | — | — |
| oracle | communications_data_model | — | — |
| oracle | communications_fraud_monitor | — | — |
| oracle | communications_lsms | — | — |
| oracle | communications_eagle_application_processor | — | — |
| oracle | communications_evolved_communications_application_server | — | — |
| oracle | communications_session_border_controller | — | — |
| oracle | communications_cloud_native_core_dbtier | — | — |
| oracle | communications_cloud_native_configuration_console | — | — |
| oracle | communications_design_studio | — | — |
| oracle | communications | — | — |
| oracle | communications_network_analytics_data_director | — | — |
| oracle | communications_cloud_native_core_service_communication_proxy | — | — |
| oracle | communications_convergent_charging_controller | — | — |
| oracle | communications_applications___6.0.4 | — | — |
| oracle | communications___23.4.5 | — | — |
| oracle | communications__10.4.0.4 | — | — |
| oracle | communications_cloud_native_core_binding_support_function | — | — |
| oracle | communications_session_router | — | — |
| oracle | communications_network_charging_and_control | — | — |
| oracle | communications_elastic_charging_engine | — | — |
| oracle | communications___8.6.0.6 | — | — |
| oracle | communications_subscriber-aware_load_balancer | — | — |
| oracle | communications_cloud_native_core_certificate_management | — | — |
| oracle | communications_core_session_manager | — | — |
| oracle | communications_interactive_session_recorder | — | — |
| oracle | communications___9.0.3 | — | — |
| oracle | communications_order_and_service_management | — | — |
| oracle | communications_unified_session_manager | — | — |
| oracle | communications_applications___5.5.22 | — | — |
| oracle | communications_eagle_lnp_application_processor | — | — |
| oracle | communications_performance_intelligence_center | — | — |
| oracle | communications_applications___6.0.5 | — | — |
| oracle | communications_operations_monitor | — | — |
| oracle | communications_metasolv_solution | — | — |
| oracle | communications___23.4.2 | — | — |
| oracle | communications_applications | — | — |
| oracle | communications_diameter_signaling_router | — | — |
| oracle | communications_cloud_native_core_network_slice_selection_function | — | — |
| oracle | communications___7.2.1.0.0 | — | — |
| oracle | communications___9.1.1.8.0 | — | — |
| oracle | communications_cloud_native_core_console | — | — |
| oracle | communications_calendar_server | — | — |
| oracle | communications_cloud_native_core_network_data_analytics_function | — | — |
| oracle | communications_element_manager | — | — |
| oracle | communications_unified_inventory_management | — | — |
| oracle | communications_policy_management | — | — |
| oracle | communications_applications___6.0.3 | — | — |
| oracle | communications___23.4.3 | — | — |
Aliases
CVE-2021-37137CVE-2022-2068CVE-2022-23437CVE-2022-2601CVE-2022-36760CVE-2023-2953CVE-2023-3635CVE-2023-38408CVE-2023-4043CVE-2023-43642CVE-2023-46136CVE-2023-48795CVE-2023-51775CVE-2023-52428CVE-2023-5685CVE-2023-6597CVE-2023-6816CVE-2024-0450CVE-2024-22020CVE-2024-22201CVE-2024-22257CVE-2024-22262CVE-2024-23672CVE-2024-23807CVE-2024-2398CVE-2024-24549CVE-2024-25062CVE-2024-25638CVE-2024-26308CVE-2024-28182CVE-2024-28849CVE-2024-29025CVE-2024-29133CVE-2024-29736CVE-2024-29857CVE-2024-30251CVE-2024-31080CVE-2024-31744CVE-2024-32760CVE-2024-33602CVE-2024-34750CVE-2024-37371CVE-2024-37891CVE-2024-38816CVE-2024-39689CVE-2024-40898CVE-2024-41817CVE-2024-43044CVE-2024-45492CVE-2024-4577CVE-2024-4603CVE-2024-5585CVE-2024-5971CVE-2024-6162CVE-2024-6387CVE-2024-7254CVE-2024-7264
References
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.