VDB

GCVE-110-NCSC-2024-417

GCVE-110-NCSC-2024-417
Advisory PublishedCVSS 6.9/10
Vulnetix · Advisory published October 17, 2024
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Weaknesses (CWE)

CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-502Deserialization of Untrusted DataCWE-59Improper Link Resolution Before File Access ('Link Following')CWE-770Allocation of Resources Without Limits or ThrottlingCWE-400Uncontrolled Resource ConsumptionCWE-404Improper Resource Shutdown or ReleaseCWE-94Improper Control of Generation of Code ('Code Injection')CWE-601URL Redirection to Untrusted Site ('Open Redirect')CWE-416Use After FreeCWE-20Improper Input ValidationCWE-401Missing Release of Memory after Effective LifetimeCWE-918Server-Side Request Forgery (SSRF)CWE-787Out-of-bounds WriteCWE-1321Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')CWE-190Integer Overflow or Wraparound

Risk Scores

CVSS 3.1
6.9/10
Medium · CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

Affected Products

VendorProductVersionsPlatforms
oraclewebcenter_forms_recognition
oraclebusiness_process_management_suite
oraclewebcenter_portal
oracleweblogic_server
oraclebusiness_activity_monitoring
oracleenterprise_manager_fusion_middleware_control
oracleidentity_manager_connector
oracledata_integrator
oracleoutside_in_technology
oraclemiddleware_common_libraries_and_tools
oraclewebcenter_content
oraclemanaged_file_transfer
oraclebusiness_activity_monitoring__bam_
oraclewebcenter_sites
oracleweblogic_server_proxy_plug-in
oraclewebcenter_sites_support_tools
oraclewebcenter_enterprise_capture
oracleglobal_lifecycle_management_fmw_installer
oraclehttp_server

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,118 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›