This script is Copyright (C) 2017 Tenable Network Security, Inc.
Synopsis :
The Oracle GoldenGate Manager application running on the remote host
is affected by a remote code execution vulnerability.
Description :
According to its self-reported version number, the Oracle GoldenGate
Manager application running on the remote host is prior to 18.104.22.168.1.
It is, therefore, affected by a remote code execution vulnerability
due to improper handling of 'OBEY' commands and the ggserr.log file.
An unauthenticated, remote attacker can exploit this to execute
arbitrary code by entering a 'SHELL' command into the error log and
then executing the error log via the 'OBEY' command.
Note that newer versions of Oracle GoldenGate Manager do not fix this
issue but instead introduce access controls that disallow use of
'OBEY' by default.
See also :
Solution :
Upgrade to Oracle GoldenGate Manager version 22.214.171.124.1 and use
appropriate access controls to disallow the use of the 'OBEY' command.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 9.5
Public Exploit Available : true