【安全更新】Oracle全系产品7月关键补丁更新通告

admin 2022年7月20日18:43:01安全漏洞评论13 views19247字阅读64分9秒阅读模式

通告编号:NS-2022-0022

2022-07-20
TAG:

Oracle、关键补丁更新、Weblogic

漏洞危害:

此次补丁更新修复了349个不同程度的漏洞,涉及多个常用产品。

版本: 1.0

1

漏洞概述


2022年7月20日,绿盟科技CERT监测发现Oracle官方发布了7月关键补丁更新公告CPU(Critical Patch Update),此次共修复了349个不同程度的漏洞,此次安全更新涉及Oracle WebLogic Server、Oracle MySQL、Oracle Java SE、Oracle Retail Applications等多个常用产品。Oracle强烈建议客户尽快应用关键补丁更新修复程序,对漏洞进行修复。


参考链接:

https://www.oracle.com/security-alerts/cpujul2022.html

SEE MORE →


2重点漏洞简述

根据产品流行度和漏洞重要性筛选出此次更新中包含影响较大的漏洞,请相关用户重点进行关注:

Oracle WebLogic Server 远程代码执行漏洞(CVE-2022-23457):

由于在Oracle WebLogic Server中引用了第三方应用“OWASP Enterprise Security API”,未经身份验证的攻击者通过HTTP协议向受影响的服务器发送恶意的请求,最终导致在目标服务器上执行任意代码。CVSS评分为9.8。


Oracle WebLogic Server 远程代码执行漏洞(CVE-2021-23450):

由于在Oracle WebLogic Server中引用了第三方应用“Dojo”,未经身份验证的攻击者通过HTTP协议向受影响的服务器发送恶意的请求,最终导致在目标服务器上执行任意代码。CVSS评分为9.8。


Oracle WebLogic Server 远程代码执行漏洞(CVE-2022-22965):

由于在Oracle WebLogic Server中引用了第三方框架“Spring Framework”,未经身份验证的攻击者通过HTTP协议向受影响的服务器发送恶意的请求,最终导致在目标服务器上执行任意代码。CVSS评分为9.8。


Oracle WebLogic Server拒绝服务漏洞CVE-2022-24839:

Oracle WebLogic Server中存在拒绝服务漏洞,未经身份验证的攻击者通过HTTP协议向受影响的服务器发送恶意的请求,可能导致Oracle WebLogic Server挂起,或者程序崩溃,从而造成拒绝服务。CVSS评分为7.5。


Oracle WebLogic Server拒绝服务漏洞(CVE-2022-21548:

Oracle WebLogic Server中存在拒绝服务漏洞,未经身份验证的攻击者通过T3/IIOP协议向受影响的服务器发送恶意的请求,最终导致在Oracle WebLogic Server中某些可访问数据进行未经授权的更新、插入或删除,同时也可造成一定程度的拒绝服务。


Oracle MySQL多个漏洞:

此次安全更新针对Oracle MySQL发布了34个安全补丁, 其中的10个漏洞在未经用户身份验证的情况下即可远程进行利用,即无需用户凭据即可通过网络利用。高危漏洞编号如下:

CVE-2022-1292

CVE-2022-21824

CVE-2022-27778


Oracle Financial Services Applications多个漏洞:

此次安全更新针对Oracle Financial Services Applications发布了59个安全补丁。其中的38个漏洞在未经用户身份验证的情况下即可远程进行利用。高危漏洞编号如下:

CVE-2022-22963

CVE-2022-22978


     Oracle Communications多个漏洞:

此次安全更新针对Oracle Communications发布了56个安全补丁,其中的45个漏洞在未经用户身份验证的情况下即可远程进行利用。高危漏洞编号如下:

CVE-2022-22947

CVE-2022-22965

CVE-2022-23219

CVE-2022-1154

CVE-2022-22963

CVE-2022-25845


Oracle Communications Applications多个漏洞:

此次安全更新针对Oracle Communications Applications发布了17个安全补丁。其中的12个漏洞在未经用户身份验证的情况下即可远程进行利用。高危漏洞如下:

CVE-2022-23305

CVE-2022-23632

CVE-2022-22965

CVE-2022-21429


Oracle E-Business Suite多个漏洞:

此次安全更新针对Oracle E-Business Suite发布了6个安全补丁。其中的5个漏洞在未经用户身份验证的情况下即可远程进行利用。攻击者可以通过HTTP访问网络,从而破坏套件中的产品,从而对关键数据的未授权访问或对所有套件中产品可访问数据的完全访问。高危漏洞编号如下:

CVE-2022-23305

CVE-2022-21566

CVE-2022-21500

CVE-2022-21567


Oracle Retail Applications多个漏洞:

此次安全更新针对Oracle Retail Applications发布了17个安全补丁。其中有13个漏洞在未经用户身份验证的情况下即可远程进行利用。高危漏洞编号如下:

CVE-2022-22965

CVE-2022-23305

CVE-2022-25647


Oracle官方7月关键补丁更新漏洞总结如下:

产品

漏洞个数

未授权远程利用个数

最高CVSS评分

Oracle Database Products Risk Matrices

9

1

9.1

Oracle Database Server

9

1

9.1

Oracle Big Data Graph

3

3

7.5

Oracle Essbase

1

0

5.8

Oracle Global Lifecycle Management

1

0

4.2

Oracle GoldenGate

4

2

7.5

Oracle Graph Server and Client

1

0

6.5

Oracle REST Data Services

2

2

6.1

Oracle Spatial Studio

1

0

6.5

Oracle TimesTen In-Memory Database

1

1

8.3

Oracle Commerce

12

10

9.8

Oracle Communications Applications

17

12

9.8

Oracle Communications

56

45

10

Oracle Construction and Engineering

7

4

7.8

Oracle E-Business Suite

6

5

9.8

Oracle Enterprise Manager

6

6

9.8

Oracle Financial Services Applications

59

38

9.8

Oracle Food and Beverage Applications

3

3

7.5

Oracle Fusion Middleware

38

32

9.8

Oracle Health Sciences Applications

6

3

7.5

Oracle HealthCare Applications

3

2

7.5

Oracle Hospitality Applications

2

2

9.8

Oracle Java SE

5

4

7.5

Oracle JD Edwards

6

3

9.8

Oracle MySQL

34

10

9.8

Oracle PeopleSoft

11

9

9.8

Oracle Policy Automation

3

1

6.6

Oracle Retail Applications

17

13

9.8

Oracle Siebel CRM

1

0

5.5

Oracle Supply Chain

24

19

9.8

Oracle Systems

7

2

8.2

Oracle Utilities Applications

1

1

7.5

Oracle Virtualization

2

0

8.2


3漏洞防护

3.1 补丁更新

请用户参考本文附录“受影响产品及补丁信息”及时下载受影响产品更新补丁,并参照补丁安装包中的readme文件进行安装更新,以保证长期有效的防护。

注:Oracle官方补丁需要用户持有正版软件的许可账号,使用该账号登陆https://support.oracle.com后,可以下载最新补丁。


3.2 Weblogic临时防护措施

若相关用户暂时无法安装补丁或不通过T3协议进行JVM通信,可使用下列措施阻断针对利用T3协议漏洞的攻击

WebLogic Server提供了名为 weblogic.security.net.ConnectionFilterImpl 的默认连接筛选器,此连接筛选器接受所有传入连接,可通过此连接筛选器配置规则,对T3及T3s协议进行访问控制,详细操作步骤如下:

1. 进入WebLogic控制台,在base_domain的配置页面中,进入“安全”选项卡页面,点击“筛选器”,进入连接筛选器配置。

【安全更新】Oracle全系产品7月关键补丁更新通告

2. 在连接筛选器中输入:weblogic.security.net.ConnectionFilterImpl,参考以下写法,在连接筛选器规则中配置符合企业实际情况的规则:

127.0.0.1 * * allow t3 t3s

本机IP ** allow t3 t3s

允许访问的IP  * * allow t3 t3s  

* * * deny t3 t3s

【安全更新】Oracle全系产品7月关键补丁更新通告

连接筛选器规则格式如下:target localAddress localPort action protocols,其中:

· target 指定一个或多个要筛选的服务器。

· localAddress 可定义服务器的主机地址。(如果指定为一个星号 (*),则返回的匹配结果将是所有本地 IP 地址。)

· localPort 定义服务器正在监听的端口。(如果指定了星号,则匹配返回的结果将是服务器上所有可用的端口)。

· action 指定要执行的操作。(值必须为“allow”或“deny”。)

· protocols 是要进行匹配的协议名列表。(必须指定下列其中一个协议:http、https、t3、t3s、giop、giops、dcom 或 ftp。) 如果未定义协议,则所有协议都将与一个规则匹配。

3. 保存后若规则未生效,建议重新启动WebLogic服务(重启WebLogic服务会导致业务中断,建议相关人员评估风险后,再进行操作)。以Windows环境为例,重启服务的步骤如下:

进入域所在目录下的bin目录,在Windows系统中运行stopWebLogic.cmd文件终止WebLogic服务,Linux系统中则运行stopWebLogic.sh文件。

【安全更新】Oracle全系产品7月关键补丁更新通告 

待终止脚本执行完成后,再运行startWebLogic.cmd或startWebLogic.sh文件启动WebLogic,即可完成WebLogic服务重启。

参考链接:

https://docs.oracle.com/cd/E24329_01/web.1211/e24485/con_filtr.htm#SCPRG377


附录受影响产品及补丁信息

受影响产品及版本号

可用补丁

Autonomous Health Framework

https://support.oracle.com/rs?type=doc&id=2815521.1

Big Data Spatial and Graph, versions prior to 23.1

https://support.oracle.com/rs?type=doc&id=2867871.1

Enterprise Manager Base Platform, versions 13.4.0.0, 13.5.0.0

https://support.oracle.com/rs?type=doc&id=2867874.1

Enterprise Manager for MySQL Database

https://support.oracle.com/rs?type=doc&id=2867874.1

Enterprise Manager Ops Center, version 12.4.0.0

https://support.oracle.com/rs?type=doc&id=2867874.1

JD Edwards EnterpriseOne Orchestrator, versions 9.2.6.3 and prior

https://support.oracle.com/rs?type=doc&id=2880760.1

JD Edwards EnterpriseOne Tools, versions 9.2.6.3 and prior

https://support.oracle.com/rs?type=doc&id=2880760.1

MySQL Cluster, versions 7.4.36 and prior, 7.5.26 and prior, 7.6.22 and prior, 8.0.29 and prior, and8.0.29 and prior

https://support.oracle.com/rs?type=doc&id=2880175.1

MySQL Enterprise Monitor, versions 8.0.30 and prior

https://support.oracle.com/rs?type=doc&id=2880175.1

MySQL Server, versions 5.7.38 and prior, 8.0.29 and prior

https://support.oracle.com/rs?type=doc&id=2880175.1

MySQL Shell, versions 8.0.28 and prior

https://support.oracle.com/rs?type=doc&id=2880175.1

MySQL Shell for VS Code, versions 1.1.8 and prior

https://support.oracle.com/rs?type=doc&id=2880175.1

MySQL Workbench, versions 8.0.29 and prior

https://support.oracle.com/rs?type=doc&id=2880175.1

Oracle Agile Engineering Data Management, version 6.2.1.0

https://support.oracle.com/rs?type=doc&id=2880762.1

Oracle Agile PLM, version 9.3.6

https://support.oracle.com/rs?type=doc&id=2880762.1

Oracle Agile Product Lifecycle Management for Process, versions 6.2.2, 6.2.3

https://support.oracle.com/rs?type=doc&id=2880762.1

Oracle Application Express, versions prior to 22.1.1

https://support.oracle.com/rs?type=doc&id=2867871.1

Oracle Application Testing Suite, version 13.3.0.1

https://support.oracle.com/rs?type=doc&id=2867874.1

Oracle Autovue for Agile Product Lifecycle Management, version 21.0.2

https://support.oracle.com/rs?type=doc&id=2880762.1

Oracle Banking Branch, version 14.5

https://support.oracle.com

Oracle Banking Cash Management, version 14.5

https://support.oracle.com

Oracle Banking Corporate Lending Process Management, version 14.5

https://support.oracle.com

Oracle Banking Credit Facilities Process Management, version 14.5

https://support.oracle.com

Oracle Banking Deposits and Lines of Credit Servicing, version 2.7

https://support.oracle.com

Oracle Banking Electronic Data Exchange for Corporates, version 14.5

https://support.oracle.com

Oracle Banking Liquidity Management, versions 14.2, 14.5

https://support.oracle.com

Oracle Banking Origination, version 14.5

https://support.oracle.com

Oracle Banking Party Management, version 2.7

https://support.oracle.com/rs?type=doc&id=2880601.1

Oracle Banking Platform, versions 2.6.2, 2.9, 2.12

https://support.oracle.com/rs?type=doc&id=2880601.1

Oracle Banking Supply Chain Finance, version 14.5

https://support.oracle.com

Oracle Banking Trade Finance, version 14.5

https://support.oracle.com

Oracle Banking Trade Finance Process Management, version 14.5

https://support.oracle.com

Oracle Banking Virtual Account Management, version 14.5

https://support.oracle.com

Oracle Berkeley DB

https://support.oracle.com/rs?type=doc&id=2881355.1

Oracle BI Publisher, versions 12.2.1.3.0, 12.2.1.4.0

https://support.oracle.com/rs?type=doc&id=2880164.2

Oracle Blockchain Platform

https://support.oracle.com/rs?type=doc&id=2815521.1

Oracle Business Intelligence Enterprise Edition, version 5.9.0.0.0

https://support.oracle.com/rs?type=doc&id=2880164.2

Oracle Coherence, versions 3.7.1.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

https://support.oracle.com/rs?type=doc&id=2880163.2

Oracle Commerce Guided Search, version 11.3.2

https://support.oracle.com/rs?type=doc&id=2881330.1

Oracle Commerce Merchandising, version 11.3.2

https://support.oracle.com/rs?type=doc&id=2881330.1

Oracle Commerce Platform, versions 11.3.0, 11.3.1, 11.3.2

https://support.oracle.com/rs?type=doc&id=2881330.1

Oracle Communications ASAP, version 7.3

https://support.oracle.com/rs?type=doc&id=2880117.1

Oracle Communications Billing and Revenue Management, versions 12.0.0.4.0-12.0.0.6.0

https://support.oracle.com/rs?type=doc&id=2880120.1

Oracle Communications BRM - Elastic Charging Engine, versions prior to 12.0.0.4.6, prior to 12.0.0.5.1

https://support.oracle.com/rs?type=doc&id=2880120.1

Oracle Communications Cloud Native Core Binding Support Function, versions 22.1.3, 22.2.0

https://support.oracle.com/rs?type=doc&id=2881121.1                

Oracle Communications Cloud Native Core Console, versions 22.1.2, 22.2.0

https://support.oracle.com/rs?type=doc&id=2881127.1

Oracle Communications Cloud Native Core Network Exposure Function, version 22.1.1

https://support.oracle.com/rs?type=doc&id=2881146.1

Oracle Communications Cloud Native Core Network Function Cloud Native Environment, versions 22.1.0, 22.1.2, 22.2.0

https://support.oracle.com/rs?type=doc&id=2881128.1

Oracle Communications Cloud Native Core Network Repository Function, versions 22.1.2, 22.2.0

https://support.oracle.com/rs?type=doc&id=2881129.1

Oracle Communications Cloud Native Core Network Slice Selection Function, version 22.1.1

https://support.oracle.com/rs?type=doc&id=2881130.1

Oracle Communications Cloud Native Core Policy, versions 22.1.3, 22.2.0

https://support.oracle.com/rs?type=doc&id=2881131.1                                    

Oracle Communications Cloud Native Core Security Edge Protection Proxy, version 22.1.1

https://support.oracle.com/rs?type=doc&id=2881132.1           

Oracle Communications Cloud Native Core Service Communication Proxy, version 22.2.0

https://support.oracle.com/rs?type=doc&id=2881112.1               

Oracle Communications Cloud Native Core Unified Data Repository, version 22.2.0

https://support.oracle.com/rs?type=doc&id=2881143.1                   

Oracle Communications Core Session Manager, versions 8.2.5, 8.4.5

https://support.oracle.com/rs?type=doc&id=2881373.1

Oracle Communications Design Studio, version 7.4.2

https://support.oracle.com/rs?type=doc&id=2881549.1

Oracle Communications Instant Messaging Server, version 10.0.1.5.0

https://support.oracle.com/rs?type=doc&id=2881276.1

Oracle Communications IP Service Activator

https://support.oracle.com/rs?type=doc&id=2880138.1

Oracle Communications Offline Mediation Controller, versions prior to 12.0.0.4.4, prior to 12.0.0.5.1

https://support.oracle.com/rs?type=doc&id=2880136.1

Oracle Communications Operations Monitor, versions 4.3, 4.4, 5.0

https://support.oracle.com/rs?type=doc&id=2881145.1

Oracle Communications Session Border Controller, versions 8.4, 9.0, 9.1

https://support.oracle.com/rs?type=doc&id=2881322.1

Oracle Communications Unified Inventory Management, versions 7.4.1, 7.4.2, 7.5.0

https://support.oracle.com/rs?type=doc&id=2880135.1

Oracle Communications Unified Session Manager, version 8.2.5

https://support.oracle.com/rs?type=doc&id=2881373.1

Oracle Crystal Ball, versions 11.1.2.0.0-11.1.2.4.900

https://support.oracle.com/rs?type=doc&id=2879713.1

Oracle Data Integrator

https://support.oracle.com/rs?type=doc&id=2880163.2

Oracle Database Server, versions 12.1.0.2, 19c, 21c

https://support.oracle.com/rs?type=doc&id=2867871.1

Oracle E-Business Suite, versions 12.2.3-12.2.11

https://support.oracle.com/rs?type=doc&id=2484000.1

Oracle Enterprise Communications Broker, version 3.3

https://support.oracle.com/rs?type=doc&id=2881359.1

Oracle Enterprise Operations Monitor, versions 4.3, 4.4, 5.0

https://support.oracle.com/rs?type=doc&id=2883136.1

Oracle Enterprise Session Border Controller, versions 8.4, 9.0, 9.1

https://support.oracle.com/rs?type=doc&id=2881322.1

Oracle Essbase, version 21.3

https://support.oracle.com/rs?type=doc&id=2867871.1

Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.7.0-8.1.0.0, 8.1.1.0, 8.1.2.0, 8.1.2.1

https://support.oracle.com/rs?type=doc&id=2881546.1

Oracle Financial Services Behavior Detection Platform, versions 8.0.7.0, 8.0.8.0, 8.1.1.0-8.1.2.1

https://support.oracle.com/rs?type=doc&id=2879993.1

Oracle Financial Services Crime and Compliance Management Studio, versions 8.0.8.2.0, 8.0.8.3.0

https://support.oracle.com/rs?type=doc&id=2879958.1

Oracle Financial Services Enterprise Case Management, versions 8.0.7.1, 8.0.7.2, 8.0.8.0, 8.0.8.1, 8.1.1.0-8.1.2.1

https://support.oracle.com/rs?type=doc&id=2879962.1

Oracle Financial Services Revenue Management and Billing, versions 2.9.0.0.0, 2.9.0.1.0, 3.0.0.0.0-3.2.0.0.0, 4.0.0.0.0

https://support.oracle.com/rs?type=doc&id=2881994.1

Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition, versions 8.0.7.0, 8.0.8.0

https://support.oracle.com/rs?type=doc&id=2879961.1

Oracle FLEXCUBE Core Banking, versions 5.2, 11.6-11.8, 11.10

https://support.oracle.com

Oracle FLEXCUBE Private Banking, version 12.1

https://support.oracle.com

Oracle FLEXCUBE Universal Banking, versions 12.1-12.4, 14.0-14.3, 14.5

https://support.oracle.com

Oracle Global Lifecycle Management NextGen OUI Framework, versions prior to 13.9.4.2.10

https://support.oracle.com/rs?type=doc&id=2880163.2

Oracle Global Lifecycle Management OPatch, versions prior to 12.2.0.1.30

https://support.oracle.com/rs?type=doc&id=2815521.1

Oracle GoldenGate, versions [19c] prior to 19.1.0.0.220719, [21c] prior to 21.7.0.0.0

https://support.oracle.com/rs?type=doc&id=2867871.1

Oracle GraalVM Enterprise Edition, versions 20.3.6, 21.3.2, 22.1.0

https://support.oracle.com/rs?type=doc&id=2879978.1

Oracle Graph Server and Client, versions prior to 22.2.0

https://support.oracle.com/rs?type=doc&id=2867871.1

Oracle Health Sciences Data Management Workbench, versions 2.4.8.7, 2.5.2.1, 3.0.0.0, 3.1.0.3

https://support.oracle.com/rs?type=doc&id=2870068.1

Oracle Health Sciences Empirica Signal, versions 9.1.0.52, 9.2.0.52

https://support.oracle.com/rs?type=doc&id=2870068.1

Oracle Health Sciences Information Manager, versions 3.0.0.1, 3.0.1.0-3.0.5.0

https://support.oracle.com/rs?type=doc&id=2879761.1

Oracle Healthcare Foundation, versions 8.1.0, 8.2.0, 8.2.1

https://support.oracle.com/rs?type=doc&id=2879761.1

Oracle Hospitality Cruise Shipboard Property Management System, version 20.2.1

https://support.oracle.com/rs?type=doc&id=2873392.1

Oracle Hospitality Inventory Management, version 9.1

https://support.oracle.com/rs?type=doc&id=2871970.1

Oracle Hospitality Materials Control, version 18.1

https://support.oracle.com/rs?type=doc&id=2871960.1

Oracle Hospitality OPERA 5, version 5.6

https://support.oracle.com/rs?type=doc&id=2872807.1

Oracle HTTP Server, versions 12.2.1.3.0, 12.2.1.4.0

https://support.oracle.com/rs?type=doc&id=2880163.2

Oracle Identity Management Suite

https://support.oracle.com/rs?type=doc&id=2880163.2

Oracle Identity Manager Connector

https://support.oracle.com/rs?type=doc&id=2880163.2

Oracle Java SE, versions 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1

https://support.oracle.com/rs?type=doc&id=2879978.1

Oracle Managed File Transfer, versions 12.2.1.3.0, 12.2.1.4.0

https://support.oracle.com/rs?type=doc&id=2880163.2

Oracle Middleware Common Libraries and Tools, versions 12.2.1.3.0, 12.2.1.4.0

https://support.oracle.com/rs?type=doc&id=2880163.2

Oracle NoSQL Database

https://support.oracle.com/rs?type=doc&id=2867871.1

Oracle Policy Automation, versions 12.2.0-12.2.25

https://support.oracle.com/rs?type=doc&id=2876163.1

Oracle Policy Automation for Mobile Devices, versions 12.2.0-12.2.24

https://support.oracle.com/rs?type=doc&id=2876163.1

Oracle Product Lifecycle Analytics, version 3.6.1

https://support.oracle.com/rs?type=doc&id=2880762.1

Oracle REST Data Services, versions prior to 22.1.1

https://support.oracle.com/rs?type=doc&id=2867871.1

Oracle Retail Allocation, versions 15.0.3.1, 16.0.3

https://support.oracle.com/rs?type=doc&id=2875760.1

Oracle Retail Bulk Data Integration, version 16.0.3

https://support.oracle.com/rs?type=doc&id=2875760.1

Oracle Retail Customer Insights, versions 15.0.2, 16.0.2

https://support.oracle.com/rs?type=doc&id=2875760.1

Oracle Retail Customer Management and Segmentation Foundation, versions 17.0, 18.0, 19.0

https://support.oracle.com/rs?type=doc&id=2875760.1

Oracle Retail Extract Transform and Load, version 13.2.5

https://support.oracle.com/rs?type=doc&id=2875760.1

Oracle Retail Financial Integration, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1

https://support.oracle.com/rs?type=doc&id=2875760.1

Oracle Retail Integration Bus, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1

https://support.oracle.com/rs?type=doc&id=2875760.1

Oracle Retail Merchandising System, versions 16.0.3, 19.0.1

https://support.oracle.com/rs?type=doc&id=2875760.1

Oracle Retail Order Broker, versions 18.0, 19.1

https://support.oracle.com/rs?type=doc&id=2875760.1

Oracle Retail Pricing, version 19.0.1

https://support.oracle.com/rs?type=doc&id=2875760.1

Oracle Retail Sales Audit, versions 15.0.3.1, 16.0.3

https://support.oracle.com/rs?type=doc&id=2875760.1

Oracle Retail Xstore Point of Service, versions 17.0.4, 18.0.3, 19.0.2, 20.0.1, 21.0.1

https://support.oracle.com/rs?type=doc&id=2875760.1

Oracle SD-WAN Edge, versions 9.0, 9.1

https://support.oracle.com/rs?type=doc&id=2881968.1

Oracle Security Service, versions 12.2.1.3.0, 12.2.1.4.0

https://support.oracle.com/rs?type=doc&id=2880163.2

Oracle SOA Suite, versions 12.2.1.3.0, 12.2.1.4.0

https://support.oracle.com/rs?type=doc&id=2880163.2

Oracle Solaris, versions 10, 11

https://support.oracle.com/rs?type=doc&id=2880043.1

Oracle Spatial Studio, versions prior to 22.1.0

https://support.oracle.com/rs?type=doc&id=2867871.1

Oracle SQL Developer

https://support.oracle.com/rs?type=doc&id=2867871.1

Oracle Stream Analytics, versions [19c] prior to 19.1.0.0.6.4

https://support.oracle.com/rs?type=doc&id=2867871.1

Oracle TimesTen In-Memory Database, versions prior to 22.1.1.1.0

https://support.oracle.com/rs?type=doc&id=2867871.1

Oracle Transportation Management, version 1.4.4

https://support.oracle.com/rs?type=doc&id=2880762.1

Oracle Utilities Framework, versions 4.3.0.5.0, 4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0

https://support.oracle.com/rs?type=doc&id=2877520.1

Oracle VM VirtualBox, versions prior to 6.1.36

https://support.oracle.com/rs?type=doc&id=2879930.1

Oracle WebCenter Content, versions 12.2.1.3.0, 12.2.1.4.0

https://support.oracle.com/rs?type=doc&id=2880163.2

Oracle WebCenter Portal, versions 12.2.1.3.0, 12.2.1.4.0

https://support.oracle.com/rs?type=doc&id=2880163.2

Oracle WebCenter Sites Support Tools, versions prior to 4.4.2

https://support.oracle.com/rs?type=doc&id=2880163.2

Oracle WebLogic Server, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

https://support.oracle.com/rs?type=doc&id=2880163.2

Oracle Weblogic Server Proxy Plug-in, versions 12.2.1.3.0, 12.2.1.4.0

https://support.oracle.com/rs?type=doc&id=2880163.2

Oracle ZFS Storage Appliance Kit, version 8.8

https://support.oracle.com/rs?type=doc&id=2880043.1

PeopleSoft Enterprise PeopleTools, versions 8.58, 8.59

https://support.oracle.com/rs?type=doc&id=2880759.1

Primavera Gateway, versions 17.12.0-17.12.11, 18.8.0-18.8.14, 19.12.0-19.12.13, 20.12.0-20.12.8, 21.12.0-21.12.1

https://support.oracle.com/rs?type=doc&id=2879713.1

Primavera P6 Enterprise Project Portfolio Management, versions 17.12.0.0-17.12.20.4, 18.8.0.0-18.8.25.4, 19.12.0.0-19.12.19.0, 20.12.0.0-20.12.14.0, 21.12.0.0-21.12.4.0

https://support.oracle.com/rs?type=doc&id=2879713.1

Primavera Unifier, versions 17.7-17.12, 18.8, 19.12, 20.12, 21.12

https://support.oracle.com/rs?type=doc&id=2879713.1

Siebel Applications, versions 22.6 and prior

https://support.oracle.com/rs?type=doc&id=2880773.1


END

【安全更新】Oracle全系产品7月关键补丁更新通告         
【安全更新】Oracle全系产品7月关键补丁更新通告        
声明

本安全公告仅用来描述可能存在的安全问题,绿盟科技不为此安全公告提供任何保证或承诺。由于传播、利用此安全公告所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,绿盟科技以及安全公告作者不为此承担任何责任。            

绿盟科技拥有对此安全公告的修改和解释权。如欲转载或传播此安全公告,必须保证此安全公告的完整性,包括版权声明等全部内容。未经绿盟科技允许,不得任意修改或者增减此安全公告内容,不得以任何方式将其用于商业目的。            

【安全更新】Oracle全系产品7月关键补丁更新通告

绿盟科技CERT 微信公众号
【安全更新】Oracle全系产品7月关键补丁更新通告
【安全更新】Oracle全系产品7月关键补丁更新通告
长按识别二维码,关注网络安全威胁信息



原文始发于微信公众号(绿盟科技CERT):【安全更新】Oracle全系产品7月关键补丁更新通告

特别标注: 本站(CN-SEC.COM)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
  • 我的微信
  • 微信扫一扫
  • weinxin
  • 我的微信公众号
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2022年7月20日18:43:01
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                  【安全更新】Oracle全系产品7月关键补丁更新通告 http://cn-sec.com/archives/1188821.html

发表评论

匿名网友 填写信息

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: