VDB
GCVE-110-NCSC-2025-28
GCVE-110-NCSC-2025-28
Advisory PublishedCVSS 7.5/10
Oracle heeft kwetsbaarheden verholpen in Oracle Analytics producten, zoals Business Intelligence, Analytics Desktop en BI Publisher.
Weaknesses (CWE)
CWE-400Uncontrolled Resource ConsumptionCWE-20Improper Input ValidationCWE-776Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')CWE-611Improper Restriction of XML External Entity ReferenceCWE-404Improper Resource Shutdown or ReleaseCWE-552Files or Directories Accessible to External PartiesCWE-248Uncaught ExceptionCWE-787Out-of-bounds WriteCWE-401Missing Release of Memory after Effective LifetimeCWE-416Use After FreeCWE-440Expected Behavior ViolationCWE-834Excessive IterationCWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-208Observable Timing DiscrepancyCWE-476NULL Pointer DereferenceCWE-444Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-770Allocation of Resources Without Limits or ThrottlingCWE-670Always-Incorrect Control Flow ImplementationCWE-125Out-of-bounds ReadCWE-669Incorrect Resource Transfer Between SpheresCWE-1333Inefficient Regular Expression ComplexityCWE-284Improper Access ControlCWE-311Missing Encryption of Sensitive DataCWE-502Deserialization of Untrusted Data
Risk Scores
CVSS 3.1
7.5/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| oracle | bi_publisher | — | — |
| oracle | business_intelligence | — | — |
| oracle | business_intelligence_enterprise_edition | — | — |
| oracle | analytics_desktop | — | — |
Aliases
CVE-2020-13956CVE-2020-2849CVE-2020-28975CVE-2020-7760CVE-2021-23926CVE-2021-33813CVE-2022-40150CVE-2023-24998CVE-2023-25399CVE-2023-2976CVE-2023-29824CVE-2023-32732CVE-2023-33202CVE-2023-33953CVE-2023-43804CVE-2023-44487CVE-2023-45803CVE-2023-4785CVE-2023-50782CVE-2023-7272CVE-2024-0727CVE-2024-1135CVE-2024-22195CVE-2024-26130CVE-2024-29025CVE-2024-29131CVE-2024-34064CVE-2024-35195CVE-2024-36114CVE-2024-37891CVE-2024-38809CVE-2024-38820CVE-2024-43382CVE-2024-4741CVE-2024-47561CVE-2024-5535CVE-2024-7254CVE-2025-21532
References
Browse GCVE Records
73,734 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.