Java Deserialization Vulnerabilities on GoldenGate Agent.
(Doc ID 2410002.1)
Last updated on JUNE 19, 2018
Applies to: Oracle GoldenGate Studio - Version 220.127.116.11.0 to 18.104.22.168.0 [Release 12.2]
Java version is: jdk1.8-1.8.0_172-fcs.x86_64
4 Java Deserialization Vulnerability Detected (2)
QID: 11837
CVSS Base: 10
Category: CGI
CVSS Temporal: 9.5
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 04/23/2018
CVSS3 Base: -
User Modified: -
CVSS3 Temporal: -
PCI Vuln: Yes
The host runs a Java application that suffers from a Java deserialization vulnerability. The application accepts serialized objects; however, it does not validate or check untrusted input before deserializing it.
An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary Java code on the system.
Customers are advised to contact the vendor to patch this vulnerability.
Please refer to this blog (https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-yourapplication-have-in-common-this-vulnerability/) for more information about Java Deserialization vulnerabilities.
There is no exploitability information for this vulnerability.
There is no malware information for this vulnerability.