VDB
GCVE-110-NCSC-2024-417
GCVE-110-NCSC-2024-417
Advisory PublishedCVSS 6.9/10
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Weaknesses (CWE)
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-502Deserialization of Untrusted DataCWE-59Improper Link Resolution Before File Access ('Link Following')CWE-770Allocation of Resources Without Limits or ThrottlingCWE-400Uncontrolled Resource ConsumptionCWE-404Improper Resource Shutdown or ReleaseCWE-94Improper Control of Generation of Code ('Code Injection')CWE-601URL Redirection to Untrusted Site ('Open Redirect')CWE-416Use After FreeCWE-20Improper Input ValidationCWE-401Missing Release of Memory after Effective LifetimeCWE-918Server-Side Request Forgery (SSRF)CWE-787Out-of-bounds WriteCWE-1321Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')CWE-190Integer Overflow or Wraparound
Risk Scores
CVSS 3.1
6.9/10
Medium · CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| oracle | webcenter_forms_recognition | — | — |
| oracle | business_process_management_suite | — | — |
| oracle | webcenter_portal | — | — |
| oracle | weblogic_server | — | — |
| oracle | business_activity_monitoring | — | — |
| oracle | enterprise_manager_fusion_middleware_control | — | — |
| oracle | identity_manager_connector | — | — |
| oracle | data_integrator | — | — |
| oracle | outside_in_technology | — | — |
| oracle | middleware_common_libraries_and_tools | — | — |
| oracle | webcenter_content | — | — |
| oracle | managed_file_transfer | — | — |
| oracle | business_activity_monitoring__bam_ | — | — |
| oracle | webcenter_sites | — | — |
| oracle | weblogic_server_proxy_plug-in | — | — |
| oracle | webcenter_sites_support_tools | — | — |
| oracle | webcenter_enterprise_capture | — | — |
| oracle | global_lifecycle_management_fmw_installer | — | — |
| oracle | http_server | — | — |
Aliases
CVE-2020-11023CVE-2020-17521CVE-2022-1471CVE-2023-35116CVE-2023-39743CVE-2023-4759CVE-2023-51775CVE-2024-21190CVE-2024-21191CVE-2024-21192CVE-2024-21205CVE-2024-21215CVE-2024-21216CVE-2024-21234CVE-2024-21246CVE-2024-21260CVE-2024-21274CVE-2024-22201CVE-2024-22262CVE-2024-23807CVE-2024-24549CVE-2024-2511CVE-2024-25269CVE-2024-28182CVE-2024-28752CVE-2024-29131CVE-2024-36052CVE-2024-38999CVE-2024-45492CVE-2024-6345
Browse GCVE Records
73,118 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.