CVE-2022-21442

4 documents4 sources
Severity
8.8HIGH
EPSS
0.2%
top 62.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation GoldengateOracle Goldengate
Timeline
PublishedApr 19
Latest updateApr 20

Description

Vulnerability in Oracle GoldenGate (component: OGG Core Library). The supported version that is affected is Prior to 23.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle GoldenGate executes to compromise Oracle GoldenGate. While the vulnerability is in Oracle GoldenGate, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle GoldenGate. CVSS 3.1 B

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages2 packages

NVDoracle/goldengate< 23.1
CVEListV5oracle_corporation/goldengateunspecified23.1

🔴Vulnerability Details

2
GHSA
GHSA-r3c8-pgx2-7735: Vulnerability in Oracle GoldenGate (component: OGG Core Library)2022-04-20
CVEList
CVE-2022-21442: Vulnerability in Oracle GoldenGate (component: OGG Core Library)2022-04-19

📋Vendor Advisories

1
Oracle
Oracle Oracle GoldenGate Risk Matrix: OGG Core Library — CVE-2022-214422022-04-15
CVE-2022-21442 (HIGH CVSS 8.8) | Vulnerability in Oracle GoldenGate | cvebase.io