VDB
GCVE-110-NCSC-2025-20
GCVE-110-NCSC-2025-20
Advisory PublishedCVSS 9.8/10
Oracle heeft kwetsbaarheden verholpen in diverse database producten en subsystemen, zoals de Core Database, Graal, Application Express, GoldenGate en REST data.
Weaknesses (CWE)
CWE-1321Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')CWE-190Integer Overflow or WraparoundCWE-502Deserialization of Untrusted DataCWE-400Uncontrolled Resource ConsumptionCWE-367Time-of-check Time-of-use (TOCTOU) Race ConditionCWE-391Unchecked Error ConditionCWE-427Uncontrolled Search Path ElementCWE-20Improper Input ValidationCWE-191Integer Underflow (Wrap or Wraparound)CWE-222Truncation of Security-relevant InformationCWE-787Out-of-bounds WriteCWE-276Incorrect Default PermissionsCWE-440Expected Behavior ViolationCWE-1333Inefficient Regular Expression ComplexityCWE-1286Improper Validation of Syntactic Correctness of InputCWE-835Loop with Unreachable Exit Condition ('Infinite Loop')CWE-284Improper Access ControlCWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-922Insecure Storage of Sensitive InformationCWE-601URL Redirection to Untrusted Site ('Open Redirect')CWE-404Improper Resource Shutdown or ReleaseCWE-611Improper Restriction of XML External Entity ReferenceCWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-476NULL Pointer DereferenceCWE-703Improper Check or Handling of Exceptional ConditionsCWE-466Return of Pointer Value Outside of Expected RangeCWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Risk Scores
CVSS 3.1
9.8/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| oracle | application_express | — | — |
| oracle | goldengate | — | — |
| oracle | secure_backup | — | — |
| oracle | goldengate_big_data_and_application_adapters | — | — |
| oracle | database_-_graalvm_multilingual_engine | — | — |
| oracle | database_migration_assistant_for_unicode | — | — |
| oracle | database_-_data_mining | — | — |
| oracle | rest_data_services | — | — |
| oracle | graal_development_kit_for_micronaut | — | — |
| oracle | database_server | — | — |
Aliases
CVE-2022-26345CVE-2023-27043CVE-2023-36730CVE-2023-36785CVE-2023-48795CVE-2023-52428CVE-2024-11053CVE-2024-21211CVE-2024-22262CVE-2024-24789CVE-2024-24790CVE-2024-24791CVE-2024-28757CVE-2024-2961CVE-2024-33599CVE-2024-33600CVE-2024-33601CVE-2024-33602CVE-2024-38819CVE-2024-38820CVE-2024-38998CVE-2024-38999CVE-2024-4030CVE-2024-4032CVE-2024-45490CVE-2024-45491CVE-2024-45492CVE-2024-45772CVE-2024-47554CVE-2024-47561CVE-2024-50379CVE-2024-52316CVE-2024-54677CVE-2024-56337CVE-2024-6232CVE-2024-6763CVE-2024-6923CVE-2024-7254CVE-2024-7592CVE-2024-8088CVE-2024-8927CVE-2025-21553CVE-2025-21557
References
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.