VDB
GCVE-110-NCSC-2025-21
GCVE-110-NCSC-2025-21
Advisory PublishedCVSS 5.9/10
Oracle heeft meerdere kwetsbaarheden verholpen in zijn Communicatieproducten, waaronder Oracle Communications Unified Assurance, Oracle Communications Cloud Native Core Network Function en Oracle Communications Order and Service Management.
Weaknesses (CWE)
CWE-400Uncontrolled Resource ConsumptionCWE-754Improper Check for Unusual or Exceptional ConditionsCWE-203Observable DiscrepancyCWE-61UNIX Symbolic Link (Symlink) FollowingCWE-415Double FreeCWE-834Excessive IterationCWE-770Allocation of Resources Without Limits or ThrottlingCWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-201Insertion of Sensitive Information Into Sent DataCWE-311Missing Encryption of Sensitive DataCWE-502Deserialization of Untrusted DataCWE-416Use After FreeCWE-450Multiple Interpretations of UI InputCWE-269Improper Privilege ManagementCWE-787Out-of-bounds WriteCWE-924Improper Enforcement of Message Integrity During Transmission in a Communication ChannelCWE-276Incorrect Default PermissionsCWE-440Expected Behavior ViolationCWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-843Access of Resource Using Incompatible Type ('Type Confusion')CWE-404Improper Resource Shutdown or ReleaseCWE-1333Inefficient Regular Expression ComplexityCWE-20Improper Input ValidationCWE-476NULL Pointer DereferenceCWE-835Loop with Unreachable Exit Condition ('Infinite Loop')CWE-345Insufficient Verification of Data AuthenticityCWE-284Improper Access ControlCWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')CWE-248Uncaught ExceptionCWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-703Improper Check or Handling of Exceptional ConditionsCWE-466Return of Pointer Value Outside of Expected RangeCWE-755Improper Handling of Exceptional ConditionsCWE-670Always-Incorrect Control Flow ImplementationCWE-130Improper Handling of Length Parameter InconsistencyCWE-669Incorrect Resource Transfer Between SpheresCWE-347Improper Verification of Cryptographic SignatureCWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-639Authorization Bypass Through User-Controlled KeyCWE-1321Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')CWE-427Uncontrolled Search Path ElementCWE-190Integer Overflow or WraparoundCWE-209Generation of Error Message Containing Sensitive InformationCWE-863Incorrect AuthorizationCWE-367Time-of-check Time-of-use (TOCTOU) Race Condition
Risk Scores
CVSS 3.1
5.9/10
Medium · CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| oracle | communications_convergence | — | — |
| oracle | communications_offline_mediation_controller | — | — |
| oracle | communications_cloud_native_core_unified_data_repository | — | — |
| oracle | communications_billing_and_revenue_management | — | — |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | — | — |
| oracle | communications___23.4.6 | — | — |
| oracle | communications_instant_messaging_server | — | — |
| oracle | communications_cloud_native_core_policy | — | — |
| oracle | communications_unified_assurance | — | — |
| oracle | communications_applications___12.0.6.0.0 | — | — |
| oracle | communications___24.2.0 | — | — |
| oracle | communications___8.6.0.8 | — | — |
| oracle | communications_session_report_manager | — | — |
| oracle | communications_cloud_native_core_network_repository_function | — | — |
| oracle | communications___9.0.2 | — | — |
| oracle | communications_pricing_design_center | — | — |
| oracle | communications_webrtc_session_controller | — | — |
| oracle | communications_performance_intelligence | — | — |
| oracle | communications_brm_-_elastic_charging_engine | — | — |
| oracle | communications_cloud_native_core_automated_test_suite | — | — |
| oracle | communications_ip_service_activator | — | — |
| oracle | communications_cloud_native_core_network_exposure_function | — | — |
| oracle | communications_converged_application_server | — | — |
| oracle | communications_messaging_server | — | — |
| oracle | communications_user_data_repository | — | — |
| oracle | communications_network_integrity | — | — |
| oracle | communications_converged_charging_system | — | — |
| oracle | communications_asap | — | — |
| oracle | communications_eagle_element_management_system | — | — |
| oracle | communications_service_catalog_and_design | — | — |
| oracle | communications_cloud_native_core_security_edge_protection_proxy | — | — |
| oracle | communications___23.4.4 | — | — |
| oracle | communications_fraud_monitor | — | — |
| oracle | communications_session_border_controller | — | — |
| oracle | communications_cloud_native_core_dbtier | — | — |
| oracle | communications | — | — |
| oracle | communications_network_analytics_data_director | — | — |
| oracle | communications_cloud_native_core_service_communication_proxy | — | — |
| oracle | communications_convergent_charging_controller | — | — |
| oracle | communications_applications___6.0.4 | — | — |
| oracle | communications___23.4.5 | — | — |
| oracle | communications__10.4.0.4 | — | — |
| oracle | communications_cloud_native_core_binding_support_function | — | — |
| oracle | communications_network_charging_and_control | — | — |
| oracle | communications___8.6.0.6 | — | — |
| oracle | communications_cloud_native_core_certificate_management | — | — |
| oracle | communications_core_session_manager | — | — |
| oracle | communications___9.0.3 | — | — |
| oracle | communications_order_and_service_management | — | — |
| oracle | communications_applications___5.5.22 | — | — |
| oracle | communications_applications___6.0.5 | — | — |
| oracle | communications_operations_monitor | — | — |
| oracle | communications_metasolv_solution | — | — |
| oracle | communications___23.4.2 | — | — |
| oracle | communications_applications | — | — |
| oracle | communications_diameter_signaling_router | — | — |
| oracle | communications_cloud_native_core_network_slice_selection_function | — | — |
| oracle | communications___7.2.1.0.0 | — | — |
| oracle | communications___9.1.1.8.0 | — | — |
| oracle | communications_cloud_native_core_console | — | — |
| oracle | communications_cloud_native_core_network_data_analytics_function | — | — |
| oracle | communications_element_manager | — | — |
| oracle | communications_unified_inventory_management | — | — |
| oracle | communications_policy_management | — | — |
| oracle | communications_applications___6.0.3 | — | — |
| oracle | communications___23.4.3 | — | — |
Aliases
CVE-2022-41727CVE-2023-29407CVE-2023-29408CVE-2023-40577CVE-2023-4408CVE-2023-46218CVE-2023-46219CVE-2023-46604CVE-2023-50868CVE-2023-5678CVE-2023-5981CVE-2023-6597CVE-2023-7256CVE-2024-0232CVE-2024-0397CVE-2024-0450CVE-2024-1442CVE-2024-22195CVE-2024-24786CVE-2024-24791CVE-2024-25638CVE-2024-25710CVE-2024-26308CVE-2024-27309CVE-2024-28219CVE-2024-28834CVE-2024-28835CVE-2024-28849CVE-2024-29025CVE-2024-29131CVE-2024-29133CVE-2024-2961CVE-2024-33599CVE-2024-33600CVE-2024-33601CVE-2024-33602CVE-2024-34064CVE-2024-34750CVE-2024-35195CVE-2024-3596CVE-2024-37370CVE-2024-37371CVE-2024-37891CVE-2024-38475CVE-2024-38807CVE-2024-38809CVE-2024-38816CVE-2024-38819CVE-2024-38820CVE-2024-38827CVE-2024-38998CVE-2024-38999CVE-2024-4030CVE-2024-4032CVE-2024-41817CVE-2024-45490CVE-2024-45491CVE-2024-45492CVE-2024-47535CVE-2024-47554CVE-2024-47561CVE-2024-47803CVE-2024-47804CVE-2024-49766CVE-2024-49767CVE-2024-50379CVE-2024-50602CVE-2024-53677CVE-2024-54677CVE-2024-5535CVE-2024-56337CVE-2024-6119CVE-2024-6162CVE-2024-6232CVE-2024-7254CVE-2024-7592CVE-2024-7885CVE-2024-8006CVE-2024-9143CVE-2025-21542CVE-2025-21544CVE-2025-21554
References
Browse GCVE Records
73,053 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.