PT-2022-3101 · Oracle · Oracle Goldengate

Published

2022-04-19

Updated

2022-04-28

CVE-2022-21442

CVSS v3.1

8.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Oracle GoldenGate versions prior to 23.1

Description The issue is related to insufficient input validation in the OGG Core Library of Oracle GoldenGate, allowing a low-privileged attacker with logon access to the infrastructure to compromise Oracle GoldenGate. Successful attacks can result in the takeover of Oracle GoldenGate and may have a significant impact on additional products.

Recommendations For versions prior to 23.1, update to version 23.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the OGG Core Library to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2022-03771

CVE-2022-21442

Affected Products

Oracle Goldengate

PT-2022-3101 · Oracle · Oracle Goldengate

CVE-2022-21442

Weakness Enumeration

Related Identifiers

Affected Products

References · 4