VDB
GCVE-110-NCSC-2025-123
GCVE-110-NCSC-2025-123
Advisory PublishedCVSS 7.5/10
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Weaknesses (CWE)
CWE-20Improper Input ValidationCWE-444Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')CWE-285Improper AuthorizationCWE-502Deserialization of Untrusted DataCWE-400Uncontrolled Resource ConsumptionCWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-347Improper Verification of Cryptographic SignatureCWE-287Improper AuthenticationCWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')CWE-193Off-by-one ErrorCWE-226Sensitive Information in Resource Not Removed Before ReuseCWE-601URL Redirection to Untrusted Site ('Open Redirect')CWE-459Incomplete CleanupCWE-1286Improper Validation of Syntactic Correctness of InputCWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds WriteCWE-122Heap-based Buffer OverflowCWE-385Covert Timing ChannelCWE-125Out-of-bounds ReadCWE-669Incorrect Resource Transfer Between SpheresCWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-284Improper Access ControlCWE-1321Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')CWE-918Server-Side Request Forgery (SSRF)CWE-94Improper Control of Generation of Code ('Code Injection')CWE-404Improper Resource Shutdown or Release
Risk Scores
CVSS 3.1
7.5/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Oracle | vers:oracle/1.5.0 | — | — |
| Oracle | vers:unknown/>=21.3|<=21.17 | — | — |
| Oracle | vers:oracle/21.7.1.0.0 | — | — |
| Oracle Corporation | vers:semver/19.3|<=19.26 | — | — |
| Oracle | vers:unknown/2.0 | — | — |
| Oracle | vers:oracle/23.1 | — | — |
| Oracle Corporation | vers:semver/12.1.0.3 | — | — |
| Oracle | vers:oracle/<=23.4.2 | — | — |
| Oracle | vers:oracle/3.0.6 | — | — |
| Oracle | vers:oracle/>=19.1.0.0.0|<=19.26.0.0.250219 | — | — |
| Oracle | vers:oracle/23.4.4 | — | — |
| Oracle | vers:oracle/>=23.4|<=23.6 | — | — |
| Oracle | vers:oracle/>=23.4|<=23.7 | — | — |
| Oracle | vers:unknown/>=19.1.0.0.0|<=19.26.0.0.250219 | — | — |
| Oracle | vers:oracle/<=22.4.7 | — | — |
| Oracle | vers:oracle/>=22.1.1.1.0|<=22.1.1.30.0 | — | — |
| Oracle | vers:oracle/>=21.3.0.0.0|<=21.16.0.0.0 | — | — |
| Oracle | vers:oracle/18.1.0.0 | — | — |
| Oracle | vers:oracle/>=19.1.0.0.0|<=19.1.0.0.7 | — | — |
| Oracle Corporation | vers:semver/12.1.0.2 | — | — |
| Oracle | vers:oracle/12.1.0.1 | — | — |
| Oracle | vers:oracle/<=24.1.0 | — | — |
| Oracle Corporation | vers:semver/18.1.0.1 | — | — |
| Oracle | vers:oracle/24.4.0 | — | — |
| Oracle Corporation | vers:semver/18.1.0.2 | — | — |
| Oracle | vers:oracle/24.3.0 | — | — |
| Oracle Corporation | vers:semver/21.3|<=21.17 | — | — |
| Oracle | vers:oracle/12.1.0.2 | — | — |
| Oracle | vers:unknown/none | — | — |
| Oracle | vers:oracle/25.2.0 | — | — |
| Oracle | vers:oracle/25.1.0 | — | — |
| Oracle | vers:oracle/1.6.0 | — | — |
| Oracle Corporation | vers:semver/12.1.0.1 | — | — |
| Oracle | vers:oracle/12.1.0.3 | — | — |
| Oracle | vers:oracle/23.4.3 | — | — |
| Oracle | vers:oracle/>=23.8.0|<=23.11.0 | — | — |
| Oracle | vers:oracle/>=19.1.0.0.0|<=19.1.0.0.10 | — | — |
| Oracle | vers:oracle/<23.1 | — | — |
| Oracle Corporation | vers:semver/23.4|<=23.7 | — | — |
| Oracle | vers:oracle/>=21.4|<=21.16 | — | — |
| Oracle | vers:unknown/22.1 | — | — |
| Oracle | vers:oracle/>=24.1.0|<=24.11.0 | — | — |
| Oracle | vers:unknown/23.1 | — | — |
| Oracle | vers:oracle/18.1.0.1 | — | — |
| Oracle | vers:oracle/13.5.0.0 | — | — |
| Oracle | vers:oracle/>=19.3|<=19.22 | — | — |
| Oracle | vers:oracle/>=19.1.0.0.0|<=19.1.0.0.18 | — | — |
| Oracle | vers:oracle/18.1.0.2 | — | — |
| Oracle | vers:oracle/>=19.3|<=19.26 | — | — |
| Oracle | vers:unknown/20.2 | — | — |
| Oracle Corporation | vers:semver/18.1.0.0 | — | — |
| Oracle | vers:oracle/>=21.3|<=21.17 | — | — |
| Oracle | vers:oracle/1.6.1 | — | — |
| Oracle | vers:oracle/>=21.3|<=21.13 | — | — |
| Oracle | vers:unknown/13.5.0.0 | — | — |
Aliases
CVE-2020-11996CVE-2020-13935CVE-2020-13943CVE-2020-1935CVE-2020-1938CVE-2020-36843CVE-2020-9484CVE-2021-24122CVE-2021-25122CVE-2021-25329CVE-2021-30640CVE-2021-33037CVE-2021-41079CVE-2021-41184CVE-2021-42575CVE-2021-43980CVE-2022-25762CVE-2022-3786CVE-2022-42252CVE-2023-28708CVE-2023-34053CVE-2023-41080CVE-2023-42795CVE-2023-44487CVE-2023-45648CVE-2023-46589CVE-2024-11053CVE-2024-11233CVE-2024-11234CVE-2024-11236CVE-2024-13176CVE-2024-23672CVE-2024-24549CVE-2024-36114CVE-2024-37891CVE-2024-38819CVE-2024-38820CVE-2024-38999CVE-2024-39338CVE-2024-47554CVE-2024-47561CVE-2024-53382CVE-2024-57699CVE-2024-6763CVE-2024-8176CVE-2024-8184CVE-2024-9143CVE-2025-21578CVE-2025-24813CVE-2025-24970CVE-2025-25193CVE-2025-26791CVE-2025-30694CVE-2025-30701CVE-2025-30702CVE-2025-30733CVE-2025-30736
References
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.