Java Deserialization Vulnerabilities on GoldenGate Agent
Last updated on JUNE 19, 2018
Applies to: Oracle GoldenGate Studio - Version 220.127.116.11.0 to 18.104.22.168.0 [Release 12.2]
Java version is: jdk1.8-1.8.0_172-fcs.x86_64
4 Java Deserialization Vulnerability Detected (2)
QID: 11837
CVSS Base: 10
Category: CGI
CVSS Temporal: 9.5
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 04/23/2018
CVSS3 Base: -
User Modified: -
CVSS3 Temporal: -
PCI Vuln: Yes
The host runs a Java application that suffers from a Java deserialization vulnerability. The application accepts serialized objects; however, it does not validate or check untrusted input before deserializing it.
An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary Java code on the system.
Customers are advised to contact the vendor to patch this vulnerability.
Please refer to this blog (https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-yourapplication-have-in-common-this-vulnerability/) for more information about Java Deserialization vulnerabilities.
There is no exploitability information for this vulnerability.
There is no malware information for this vulnerability.