VDB

GCVE-110-NCSC-2025-21

GCVE-110-NCSC-2025-21
Advisory PublishedCVSS 5.9/10
Vulnetix · Advisory published January 22, 2025
Oracle heeft meerdere kwetsbaarheden verholpen in zijn Communicatieproducten, waaronder Oracle Communications Unified Assurance, Oracle Communications Cloud Native Core Network Function en Oracle Communications Order and Service Management.

Weaknesses (CWE)

CWE-400Uncontrolled Resource ConsumptionCWE-754Improper Check for Unusual or Exceptional ConditionsCWE-203Observable DiscrepancyCWE-61UNIX Symbolic Link (Symlink) FollowingCWE-415Double FreeCWE-834Excessive IterationCWE-770Allocation of Resources Without Limits or ThrottlingCWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-201Insertion of Sensitive Information Into Sent DataCWE-311Missing Encryption of Sensitive DataCWE-502Deserialization of Untrusted DataCWE-416Use After FreeCWE-450Multiple Interpretations of UI InputCWE-269Improper Privilege ManagementCWE-787Out-of-bounds WriteCWE-924Improper Enforcement of Message Integrity During Transmission in a Communication ChannelCWE-276Incorrect Default PermissionsCWE-440Expected Behavior ViolationCWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-843Access of Resource Using Incompatible Type ('Type Confusion')CWE-404Improper Resource Shutdown or ReleaseCWE-1333Inefficient Regular Expression ComplexityCWE-20Improper Input ValidationCWE-476NULL Pointer DereferenceCWE-835Loop with Unreachable Exit Condition ('Infinite Loop')CWE-345Insufficient Verification of Data AuthenticityCWE-284Improper Access ControlCWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')CWE-248Uncaught ExceptionCWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-703Improper Check or Handling of Exceptional ConditionsCWE-466Return of Pointer Value Outside of Expected RangeCWE-755Improper Handling of Exceptional ConditionsCWE-670Always-Incorrect Control Flow ImplementationCWE-130Improper Handling of Length Parameter InconsistencyCWE-669Incorrect Resource Transfer Between SpheresCWE-347Improper Verification of Cryptographic SignatureCWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-639Authorization Bypass Through User-Controlled KeyCWE-1321Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')CWE-427Uncontrolled Search Path ElementCWE-190Integer Overflow or WraparoundCWE-209Generation of Error Message Containing Sensitive InformationCWE-863Incorrect AuthorizationCWE-367Time-of-check Time-of-use (TOCTOU) Race Condition

Risk Scores

CVSS 3.1
5.9/10
Medium · CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersionsPlatforms
oraclecommunications_convergence
oraclecommunications_offline_mediation_controller
oraclecommunications_cloud_native_core_unified_data_repository
oraclecommunications_billing_and_revenue_management
oraclecommunications_cloud_native_core_network_function_cloud_native_environment
oraclecommunications___23.4.6
oraclecommunications_instant_messaging_server
oraclecommunications_cloud_native_core_policy
oraclecommunications_unified_assurance
oraclecommunications_applications___12.0.6.0.0
oraclecommunications___24.2.0
oraclecommunications___8.6.0.8
oraclecommunications_session_report_manager
oraclecommunications_cloud_native_core_network_repository_function
oraclecommunications___9.0.2
oraclecommunications_pricing_design_center
oraclecommunications_webrtc_session_controller
oraclecommunications_performance_intelligence
oraclecommunications_brm_-_elastic_charging_engine
oraclecommunications_cloud_native_core_automated_test_suite
oraclecommunications_ip_service_activator
oraclecommunications_cloud_native_core_network_exposure_function
oraclecommunications_converged_application_server
oraclecommunications_messaging_server
oraclecommunications_user_data_repository
oraclecommunications_network_integrity
oraclecommunications_converged_charging_system
oraclecommunications_asap
oraclecommunications_eagle_element_management_system
oraclecommunications_service_catalog_and_design
oraclecommunications_cloud_native_core_security_edge_protection_proxy
oraclecommunications___23.4.4
oraclecommunications_fraud_monitor
oraclecommunications_session_border_controller
oraclecommunications_cloud_native_core_dbtier
oraclecommunications
oraclecommunications_network_analytics_data_director
oraclecommunications_cloud_native_core_service_communication_proxy
oraclecommunications_convergent_charging_controller
oraclecommunications_applications___6.0.4
oraclecommunications___23.4.5
oraclecommunications__10.4.0.4
oraclecommunications_cloud_native_core_binding_support_function
oraclecommunications_network_charging_and_control
oraclecommunications___8.6.0.6
oraclecommunications_cloud_native_core_certificate_management
oraclecommunications_core_session_manager
oraclecommunications___9.0.3
oraclecommunications_order_and_service_management
oraclecommunications_applications___5.5.22
oraclecommunications_applications___6.0.5
oraclecommunications_operations_monitor
oraclecommunications_metasolv_solution
oraclecommunications___23.4.2
oraclecommunications_applications
oraclecommunications_diameter_signaling_router
oraclecommunications_cloud_native_core_network_slice_selection_function
oraclecommunications___7.2.1.0.0
oraclecommunications___9.1.1.8.0
oraclecommunications_cloud_native_core_console
oraclecommunications_cloud_native_core_network_data_analytics_function
oraclecommunications_element_manager
oraclecommunications_unified_inventory_management
oraclecommunications_policy_management
oraclecommunications_applications___6.0.3
oraclecommunications___23.4.3

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,053 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›