Java Deserialization Vulnerabilities on Goldengate Agent.
(Doc ID 2410002.1)
Last updated on JANUARY 18, 2023
Applies to:
Oracle GoldenGate Studio - Version 12.2.1.2.0 to 12.2.1.2.0 [Release 12.2]Linux x86-64
Symptoms
Java version is : jdk1.8-1.8.0_172-fcs.x86_64
4 Java Deserialization Vulnerability Detected (2)
QID: 11837 CVSS Base: 10 [1]
Category: CGI CVSS Temporal: 9.5
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 04/23/2018 CVSS3 Base: -
User Modified: - CVSS3 Temporal: -
Edited: No
PCI Vuln: Yes
THREAT:
The host runs a Java application that suffers from Java Deserialization vulnerability. The application accepts serialized objects, however it
does not validate or check untrusted input before deserializing it.
IMPACT:
An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary Java code on the system.
SOLUTION:
Customers are advised to contact the vendor to patch this vulnerability.
Please refer to this blog (https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-yourapplication-
have-in-common-this-vulnerability/) for more information about Java Deserialization vulnerabilities.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |