Vulnerability in Oracle GoldenGate OGG Core Library Affecting Users
CVE-2022-21442

8.8HIGH

Key Information:

Vendor: Oracle
Status: Goldengate
Vendor: CVE Published:; 19 April 2022

Summary

An access control vulnerability exists in the OGG Core Library of Oracle GoldenGate, impacting versions prior to 23.1. This flaw can be easily exploited by low-privileged attackers who have access to the infrastructure. If leveraged, it can lead to unauthorized takeover of Oracle GoldenGate, posing risks to data integrity and availability. The implications of this vulnerability extend beyond Oracle GoldenGate, affecting other associated products. Immediate action is recommended to secure your systems.

Affected Version(s)

GoldenGate < 23.1

References

https://www.oracle.com/security-alerts/cpuapr2022.html

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 19, 2022
Vulnerability Reserved
Nov 15, 2021