PT-2022-4000 · Oracle · Oracle Goldengate

Lidor Ben Shitrit

Published

2022-07-19

Updated

2022-07-25

CVE-2022-21551

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Oracle GoldenGate versions prior to 21.7.0.0.0 Oracle GoldenGate versions prior to 19.1.0.0.220719

Description The issue is related to insufficient input validation in the Oracle GoldenGate component, allowing a remote attacker to potentially execute arbitrary code. The vulnerability can be exploited via HTTP and requires human interaction from a person other than the attacker. Successful attacks can result in the takeover of Oracle GoldenGate.

Recommendations For Oracle GoldenGate versions prior to 21.7.0.0.0, update to version 21.7.0.0.0 or later. For Oracle GoldenGate versions prior to 19.1.0.0.220719, update to version 19.1.0.0.220719 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2022-04833

CVE-2022-21551

Affected Products

Oracle Goldengate

PT-2022-4000 · Oracle · Oracle Goldengate

CVE-2022-21551

Weakness Enumeration

Related Identifiers

Affected Products

References · 4