VDB

GCVE-110-NCSC-2025-28

GCVE-110-NCSC-2025-28
Advisory PublishedCVSS 7.5/10
Vulnetix · Advisory published January 22, 2025
Oracle heeft kwetsbaarheden verholpen in Oracle Analytics producten, zoals Business Intelligence, Analytics Desktop en BI Publisher.

Weaknesses (CWE)

CWE-400Uncontrolled Resource ConsumptionCWE-20Improper Input ValidationCWE-776Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')CWE-611Improper Restriction of XML External Entity ReferenceCWE-404Improper Resource Shutdown or ReleaseCWE-552Files or Directories Accessible to External PartiesCWE-248Uncaught ExceptionCWE-787Out-of-bounds WriteCWE-401Missing Release of Memory after Effective LifetimeCWE-416Use After FreeCWE-440Expected Behavior ViolationCWE-834Excessive IterationCWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-208Observable Timing DiscrepancyCWE-476NULL Pointer DereferenceCWE-444Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-770Allocation of Resources Without Limits or ThrottlingCWE-670Always-Incorrect Control Flow ImplementationCWE-125Out-of-bounds ReadCWE-669Incorrect Resource Transfer Between SpheresCWE-1333Inefficient Regular Expression ComplexityCWE-284Improper Access ControlCWE-311Missing Encryption of Sensitive DataCWE-502Deserialization of Untrusted Data

Risk Scores

CVSS 3.1
7.5/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersionsPlatforms
oraclebi_publisher
oraclebusiness_intelligence
oraclebusiness_intelligence_enterprise_edition
oracleanalytics_desktop

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,734 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›