CVE-2018-2914

HIGH

Oracle GoldenGate <12.3.0.1.0 - DoS

Title source: llm
STIX 2.1

Description

Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager). Supported versions that are affected are 12.1.2.1.0, 12.2.0.2.0 and 12.3.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105651
Exploit, Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2018-31

Scores

CVSS v3 7.5
EPSS 0.0386
EPSS Percentile 88.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-476
Status published
Products (3)
oracle/goldengate 12.1.2.1.0
oracle/goldengate 12.2.0.2.0
oracle/goldengate 12.3.0.1.0
Published Oct 17, 2018
Tracked Since Feb 18, 2026