CVE-2018-2913

CRITICAL

Oracle GoldenGate <12.3.0.1.0 - RCE

Title source: llm
STIX 2.1

Description

Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Monitoring Manager). Supported versions that are affected are 12.1.2.1.0, 12.2.0.2.0 and 12.3.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle GoldenGate. While the vulnerability is in Oracle GoldenGate, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GoldenGate. Note: For Linux and Windows platforms, the CVSS score is 9.0 with Access Complexity as High. For all other platforms, the cvss score is 10.0. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105651
Exploit, Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2018-31

Scores

CVSS v3 10.0
EPSS 0.0418
EPSS Percentile 89.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-787
Status published
Products (3)
oracle/goldengate 12.1.2.1.0
oracle/goldengate 12.2.0.2.0
oracle/goldengate 12.3.0.1.0
Published Oct 17, 2018
Tracked Since Feb 18, 2026