Java Deserialization Vulnerabilities on GoldenGate Agent

(Doc ID 2410002.1)

Last updated on JUNE 19, 2018

Applies to:

Oracle GoldenGate Studio - Version 12.2.1.2.0 to 12.2.1.2.0 [Release 12.2]
Linux x86-64

Symptoms

Java version is: jdk1.8-1.8.0_172-fcs.x86_64

4 Java Deserialization Vulnerability Detected (2)
QID: 11837
Category: CGI
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 04/23/2018
User Modified: -
Edited: No
PCI Vuln: Yes
CVSS Base: 10 [1]
CVSS Temporal: 9.5
CVSS3 Base: -
CVSS3 Temporal: -
THREAT:
The host runs a Java application that suffers from Java Deserialization vulnerability. The application accepts serialized objects, however it does not validate or check untrusted input before deserializing it.
IMPACT:
An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary Java code on the system.
SOLUTION:
Customers are advised to contact the vendor to patch this vulnerability.
Please refer to this blog (https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-yourapplication-have-in-common-this-vulnerability/) for more information about Java Deserialization vulnerabilities.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.

Changes

 

Cause
