CVE-2022-21442
HIGHOracle GoldenGate < 23.1 - Authenticated Remote Code Execution
Title source: llmDescription
Vulnerability in Oracle GoldenGate (component: OGG Core Library). The supported version that is affected is Prior to 23.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle GoldenGate executes to compromise Oracle GoldenGate. While the vulnerability is in Oracle GoldenGate, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle GoldenGate. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2022.html
Scores
CVSS v3
8.8
EPSS
0.0017
EPSS Percentile
37.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
Status
published
Products (1)
oracle/goldengate
< 23.1
Published
Apr 19, 2022
Tracked Since
Feb 18, 2026