VDB

GCVE-110-NCSC-2025-123

GCVE-110-NCSC-2025-123
Advisory PublishedCVSS 7.5/10
Vulnetix · Advisory published April 16, 2025
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Weaknesses (CWE)

CWE-20Improper Input ValidationCWE-444Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')CWE-285Improper AuthorizationCWE-502Deserialization of Untrusted DataCWE-400Uncontrolled Resource ConsumptionCWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-347Improper Verification of Cryptographic SignatureCWE-287Improper AuthenticationCWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')CWE-193Off-by-one ErrorCWE-226Sensitive Information in Resource Not Removed Before ReuseCWE-601URL Redirection to Untrusted Site ('Open Redirect')CWE-459Incomplete CleanupCWE-1286Improper Validation of Syntactic Correctness of InputCWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds WriteCWE-122Heap-based Buffer OverflowCWE-385Covert Timing ChannelCWE-125Out-of-bounds ReadCWE-669Incorrect Resource Transfer Between SpheresCWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-284Improper Access ControlCWE-1321Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')CWE-918Server-Side Request Forgery (SSRF)CWE-94Improper Control of Generation of Code ('Code Injection')CWE-404Improper Resource Shutdown or Release

Risk Scores

CVSS 3.1
7.5/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersionsPlatforms
Oraclevers:oracle/1.5.0
Oraclevers:unknown/>=21.3|<=21.17
Oraclevers:oracle/21.7.1.0.0
Oracle Corporationvers:semver/19.3|<=19.26
Oraclevers:unknown/2.0
Oraclevers:oracle/23.1
Oracle Corporationvers:semver/12.1.0.3
Oraclevers:oracle/<=23.4.2
Oraclevers:oracle/3.0.6
Oraclevers:oracle/>=19.1.0.0.0|<=19.26.0.0.250219
Oraclevers:oracle/23.4.4
Oraclevers:oracle/>=23.4|<=23.6
Oraclevers:oracle/>=23.4|<=23.7
Oraclevers:unknown/>=19.1.0.0.0|<=19.26.0.0.250219
Oraclevers:oracle/<=22.4.7
Oraclevers:oracle/>=22.1.1.1.0|<=22.1.1.30.0
Oraclevers:oracle/>=21.3.0.0.0|<=21.16.0.0.0
Oraclevers:oracle/18.1.0.0
Oraclevers:oracle/>=19.1.0.0.0|<=19.1.0.0.7
Oracle Corporationvers:semver/12.1.0.2
Oraclevers:oracle/12.1.0.1
Oraclevers:oracle/<=24.1.0
Oracle Corporationvers:semver/18.1.0.1
Oraclevers:oracle/24.4.0
Oracle Corporationvers:semver/18.1.0.2
Oraclevers:oracle/24.3.0
Oracle Corporationvers:semver/21.3|<=21.17
Oraclevers:oracle/12.1.0.2
Oraclevers:unknown/none
Oraclevers:oracle/25.2.0
Oraclevers:oracle/25.1.0
Oraclevers:oracle/1.6.0
Oracle Corporationvers:semver/12.1.0.1
Oraclevers:oracle/12.1.0.3
Oraclevers:oracle/23.4.3
Oraclevers:oracle/>=23.8.0|<=23.11.0
Oraclevers:oracle/>=19.1.0.0.0|<=19.1.0.0.10
Oraclevers:oracle/<23.1
Oracle Corporationvers:semver/23.4|<=23.7
Oraclevers:oracle/>=21.4|<=21.16
Oraclevers:unknown/22.1
Oraclevers:oracle/>=24.1.0|<=24.11.0
Oraclevers:unknown/23.1
Oraclevers:oracle/18.1.0.1
Oraclevers:oracle/13.5.0.0
Oraclevers:oracle/>=19.3|<=19.22
Oraclevers:oracle/>=19.1.0.0.0|<=19.1.0.0.18
Oraclevers:oracle/18.1.0.2
Oraclevers:oracle/>=19.3|<=19.26
Oraclevers:unknown/20.2
Oracle Corporationvers:semver/18.1.0.0
Oraclevers:oracle/>=21.3|<=21.17
Oraclevers:oracle/1.6.1
Oraclevers:oracle/>=21.3|<=21.13
Oraclevers:unknown/13.5.0.0

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›