Vulnerabilities > CVE-2018-2832 - Unspecified vulnerability in Oracle Goldengate 12.2.0.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate. The supported version that is affected is 12.2.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate. While the vulnerability is in Oracle GoldenGate, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle GoldenGate accessible data. CVSS 3.0 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | Misc. |
| NASL id | ORACLE_GOLDENGATE_CPU_APR_2018.NASL |
| description | The version of Oracle GoldenGate installed on the remote host is affected by an information disclosure vulnerability, as noted in the April 2018 CPU advisory. The vulnerability exists in Oracle GoldenGate due to an unknown reason. An unauthenticated, remote attacker can exploit this, via HTTP, to disclose potentially sensitive information. |
| last seen | 2020-03-18 |
| modified | 2020-03-06 |
| plugin id | 134306 |
| published | 2020-03-06 |
| reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/134306 |
| title | Oracle GoldenGate Information Disclosure (April 2018 CPU) |