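[Security Update] Oracle Critical Patch Update Advisory for All Product Lines, April 2023

admin, 2023-04-26 09:04:01

Advisory ID: NS-2023-0019

2023-04-19
TAG:

Oracle, Critical Patch Update, Weblogic

Vulnerability impact:

This patch update fixes 433 vulnerabilities of varying severity, affecting multiple widely used products.

Version: 1.0

1 Vulnerability Overview


On April 19, 2023, NSFOCUS CERT observed that Oracle had released its April Critical Patch Update (CPU) advisory, which fixes 433 vulnerabilities of varying severity. This security update covers widely used products including Oracle WebLogic Server, Oracle MySQL, Oracle Financial Services Applications, Oracle Fusion Middleware and Oracle Retail Applications. Oracle strongly recommends that customers apply the Critical Patch Update fixes as soon as possible to remediate the vulnerabilities.


Reference link: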

https://www.oracle.com/security-alerts/cpuapr2023.html




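2 Key Vulnerabilities

The following vulnerabilities in this update were selected as having the greatest impact, based on product popularity and vulnerability importance. Affected users should pay close attention to them:

Oracle WebLogic Server information disclosure vulnerabilities (CVE-2023-21931 / CVE-2023-21979):

Oracle WebLogic Server contains information disclosure vulnerabilities. An unauthenticated attacker who sends a specially crafted request to an affected server over the T3 protocol may gain unauthorized access to critical data or complete access to all Oracle WebLogic Server data, resulting in disclosure of sensitive information.


Oracle WebLogic Server denial-of-service vulnerability (CVE-2023-21996):

Oracle WebLogic Server contains a denial-of-service vulnerability. An unauthenticated attacker who sends a malicious request to an affected server over HTTP may cause Oracle WebLogic Server to hang or crash, resulting in denial of service.


Multiple vulnerabilities in Oracle MySQL:

This security update contains 34 security patches for Oracle MySQL. 11 of these vulnerabilities can be exploited remotely without user authentication, that is, over the network without user credentials. The high-risk vulnerability identifiers are:

CVE-2022-37434

CVE-2022-43548


Multiple vulnerabilities in Oracle Financial Services Applications:

This security update contains 76 security patches for Oracle Financial Services Applications. 59 of these vulnerabilities can be exploited remotely without user authentication. The high-risk vulnerability identifiers are:

CVE-2023-25194

CVE-2023-24998


Multiple vulnerabilities in Oracle Insurance Applications:

This security update contains 9 security patches for Oracle Insurance Applications. All 9 vulnerabilities can be exploited remotely without user authentication. An attacker with network access via HTTP can send malicious requests to take control of components in the product and gain complete access to critical data. The high-risk vulnerability identifiers are:

CVE-2020-35168

CVE-2022-27404

CVE-2022-22965

CVE-2020-11987


Multiple vulnerabilities in Oracle Communications:

This security update contains 77 security patches for Oracle Communications. 65 of these vulnerabilities can be exploited remotely without user authentication. The high-risk vulnerability identifiers are:

CVE-2023-25613

CVE-2023-25690


Multiple vulnerabilities in Oracle Communications Applications:

This security update contains 18 security patches for Oracle Communications Applications. 13 of these vulnerabilities can be exploited remotely without user authentication. The high-risk vulnerabilities are:

CVE-2020-35168

CVE-2022-1471

CVE-2022-36760

CVE-2020-7009


Multiple vulnerabilities in Oracle E-Business Suite:

This security update contains 4 security patches for Oracle E-Business Suite. None of these 4 vulnerabilities can be exploited remotely without user authentication. The high-risk vulnerability identifiers are:

CVE-2023-21978


Multiple vulnerabilities in Oracle Retail Applications:

This security update contains 22 security patches for Oracle Retail Applications. 16 of these vulnerabilities can be exploited remotely without user authentication. The high-risk vulnerability identifiers are:

CVE-2022-45047


The vulnerabilities in Oracle's April Critical Patch Update are summarized below: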

| Product | Vulnerabilities | Remotely exploitable without authentication | Highest CVSS score |
|---|---|---|---|
| Oracle Database Products Risk Matrices | 5 | 0 | 6.8 |
| Oracle Database Server | 5 | 0 | 6.8 |
| Oracle Big Data Spatial and Graph | 7 | 5 | 7.7 |
| Oracle Blockchain Platform | 7 | 5 | 7.7 |
| Oracle Essbase | 4 | 4 | 5.9 |
| Oracle GoldenGate | 2 | 1 | 9.8 |
| Oracle Graph Server and Client | 1 | 0 | 6.5 |
| Oracle NoSQL Database | 1 | 0 | 6.5 |
| Oracle REST Data Services | 1 | 0 | 6.5 |
| Oracle SQL Developer | 2 | 1 | 6.7 |
| Oracle TimesTen In-Memory Database | 6 | 6 | 9.8 |
| Oracle Commerce | 6 | 6 | 9.8 |
| Oracle Communications Applications | 18 | 13 | 9.8 |
| Oracle Communications | 77 | 65 | 9.9 |
| Oracle Construction and Engineering | 4 | 3 | 9.8 |
| Oracle E-Business Suite | 4 | 0 | 6.5 |
| Oracle Enterprise Manager | 4 | 3 | 7.5 |
| Oracle Financial Services Applications | 76 | 59 | 9.8 |
| Oracle Fusion Middleware | 49 | 44 | 9.8 |
| Oracle Analytics | 20 | 12 | 9.8 |
| Oracle Health Sciences Applications | 10 | 3 | 8.8 |
| Oracle HealthCare Applications | 10 | 8 | 9.8 |
| Oracle Hospitality Applications | 1 | 0 | 7.2 |
| Oracle Hyperion | 2 | 1 | 9.8 |
| Oracle iLearning | 3 | 2 | 8.3 |
| Oracle Insurance Applications | 9 | 9 | 9.8 |
| Oracle Java SE | 8 | 7 | 7.4 |
| Oracle JD Edwards | 14 | 8 | 9.8 |
| Oracle MySQL | 34 | 11 | 9.8 |
| Oracle PeopleSoft | 10 | 8 | 9.8 |
| Oracle Retail Applications | 22 | 16 | 9.8 |
| Oracle Siebel CRM | 6 | 3 | 7.5 |
| Oracle Supply Chain | 2 | 2 | 7.5 |
| Oracle Systems | 6 | 0 | 7.8 |
| Oracle Utilities Applications | 4 | 3 | 9.8 |
| Oracle Virtualization | 11 | 1 | 8.2 |


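3 Vulnerability Protection

3.1 Patch Update

Refer to the appendix "Affected Products and Patch Information" in this advisory, download the patches for affected products promptly, and install them by following the readme file in the patch package to ensure long-term protection.

Note: Oracle's official patches require a licensed account for genuine software. After logging in to https://support.oracle.com with that account, the latest patches can be downloaded.


3.2 Temporary Protection Measures for WebLogic

If users cannot install the patch for now, or do not use the T3 protocol for JVM communication, the following measures can be used to block attacks that exploit T3 protocol vulnerabilities.

WebLogic Server provides a default connection filter named weblogic.security.net.ConnectionFilterImpl. This filter accepts all incoming connections; rules can be configured through it to control access over the T3 and T3s protocols. The detailed steps are as follows:

1. Open the WebLogic console. On the configuration page of base_domain, go to the "Security" tab and click "Filter" to open the connection filter configuration.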


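2. In the Connection Filter field, enter weblogic.security.net.ConnectionFilterImpl. Then, following the pattern below, configure rules in Connection Filter Rules that suit your organization's environment:

127.0.0.1 * * allow t3 t3s

<local host IP> * * allow t3 t3s

<IP allowed to connect> * * allow t3 t3s

* * * deny t3 t3s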


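The connection filter rule format is: target localAddress localPort action protocols, where:

· target specifies one or more servers to filter.

· localAddress defines the host address of the server. (If an asterisk (*) is specified, the match returns all local IP addresses.)

· localPort defines the port on which the server is listening. (If an asterisk is specified, the match returns all available ports on the server.)

· action specifies the action to perform. (The value must be "allow" or "deny".)

· protocols is the list of protocol names to match. (One of the following protocols must be specified: http, https, t3, t3s, giop, giops, dcom or ftp.) If no protocol is defined, all protocols match a rule.

3. If the rules do not take effect after saving, restarting the WebLogic service is recommended (a restart interrupts business, so the responsible staff should assess the risk before proceeding). Taking a Windows environment as an example, the restart steps are as follows:

Go to the bin directory under the domain directory. On Windows, run stopWebLogic.cmd to stop the WebLogic service; on Linux, run stopWebLogic.sh.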


After the stop script completes, run startWebLogic.cmd or startWebLogic.sh to start WebLogic, which completes the restart of the WebLogic service.

Reference link:

https://docs.oracle.com/cd/E24329_01/web.1211/e24485/con_filtr.htm#SCPRG377
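
A rule set in the format above can be checked offline before it is saved in the console. The following is an added example, not code from the advisory or from Oracle: it models first-match evaluation with connections permitted when no rule matches, as Oracle's connection filter documentation describes. The function names, the sample addresses and port 7001 are assumptions made for illustration.

```python
import ipaddress

ACTIONS = {"allow", "deny"}
PROTOCOLS = {"http", "https", "t3", "t3s", "giop", "giops", "dcom", "ftp"}

def parse_rule(line):
    """Parse one 'target localAddress localPort action [protocols...]' rule."""
    fields = line.split()
    if len(fields) < 4:
        raise ValueError(f"expected at least 4 fields: {line!r}")
    target, local_addr, local_port, action, *protos = fields
    action = action.lower()
    if action not in ACTIONS:
        # Also catches shifted fields, e.g. '**' typed where '* *' was meant.
        raise ValueError(f"action must be allow or deny: {line!r}")
    if local_port != "*" and not local_port.isdigit():
        raise ValueError(f"bad localPort: {line!r}")
    protos = {p.lower() for p in protos}
    if protos - PROTOCOLS:
        raise ValueError(f"unknown protocol: {line!r}")
    # Simplification: targets are '*', one IP, or IP/netmask (no host names).
    net = None if target == "*" else ipaddress.ip_network(target, strict=False)
    return {"net": net, "addr": local_addr, "port": local_port,
            "action": action, "protos": protos}

def decide(rules, remote_ip, local_addr, local_port, protocol):
    """Return the action of the first rule that matches the connection."""
    remote = ipaddress.ip_address(remote_ip)
    for r in rules:
        if r["net"] is not None and remote not in r["net"]:
            continue
        if r["addr"] not in ("*", local_addr):
            continue
        if r["port"] not in ("*", str(local_port)):
            continue
        if r["protos"] and protocol.lower() not in r["protos"]:
            continue
        return r["action"]
    return "allow"  # modelled default: no matching rule permits the connection

# Constructed rule set: loopback, the server's own IP and an admin subnet
# may use T3/T3s; every other source is denied those two protocols.
RULES = """\
127.0.0.1 * * allow t3 t3s
10.0.0.5 * * allow t3 t3s
192.0.2.0/24 * * allow t3 t3s
* * * deny t3 t3s
"""

# Constructed probes: (remote IP, protocol)
PROBES = [("127.0.0.1", "t3"), ("192.0.2.44", "t3s"),
          ("203.0.113.7", "t3"), ("203.0.113.7", "t3s"),
          ("203.0.113.7", "http")]

def audit(rule_text, probes, local_addr="10.0.0.5", local_port=7001):
    """Evaluate each probe against the rule text; returns {(ip, proto): action}."""
    rules = [parse_rule(l) for l in rule_text.splitlines() if l.strip()]
    return {(ip, proto): decide(rules, ip, local_addr, local_port, proto)
            for ip, proto in probes}

if __name__ == "__main__":
    for (ip, proto), verdict in audit(RULES, PROBES).items():
        print(f"{ip:<14} {proto:<5} -> {verdict}")
```

Because the final deny rule names only t3 and t3s, HTTP from the unlisted address is still permitted, and moving that rule to the top would deny T3 to the loopback address as well.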


Appendix: Affected Products and Patch Information

| Affected product and version | Available patch |
|---|---|
| JD Edwards EnterpriseOne Orchestrator, versions prior to 9.2.7.3 | https://support.oracle.com/rs?type=doc&id=2939855.1 |
| JD Edwards EnterpriseOne Tools, versions prior to 9.2.7.3 | https://support.oracle.com/rs?type=doc&id=2939855.1 |
| JD Edwards World Security, version A9.4 | https://support.oracle.com/rs?type=doc&id=2939855.1 |
| Management Cloud Engine, version 22.1.0.0.0 | https://support.oracle.com/rs?type=doc&id=2942213.1 |
| MySQL Cluster, versions 7.5.29 and prior, 7.6.25 and prior, 8.0.32 and prior | https://support.oracle.com/rs?type=doc&id=2937307.1 |
| MySQL Connectors, versions 8.0.32 and prior | https://support.oracle.com/rs?type=doc&id=2937307.1 |
| MySQL Enterprise Monitor, versions 8.0.33 and prior | https://support.oracle.com/rs?type=doc&id=2937307.1 |
| MySQL Server, versions 5.7.41 and prior, 8.0.32 and prior | https://support.oracle.com/rs?type=doc&id=2937307.1 |
| MySQL Workbench, versions 8.0.32 and prior | https://support.oracle.com/rs?type=doc&id=2937307.1 |
| Oracle Access Manager, version 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2936090.2 |
| Oracle Agile PLM, version 9.3.6 | https://support.oracle.com/rs?type=doc&id=2939856.1 |
| Oracle Application Testing Suite, version 13.3.0.1 | https://support.oracle.com/rs?type=doc&id=2923367.1 |
| Oracle Argus Insight, versions prior to 8.2.3 | https://support.oracle.com/rs?type=doc&id=2938697.1 |
| Oracle Argus Safety, versions prior to 8.2.3 | https://support.oracle.com/rs?type=doc&id=2938697.1 |
| Oracle Banking APIs, versions 18.2, 18.3, 19.1, 19.2, 21.1, 22.1, 22.2 | https://support.oracle.com |
| Oracle Banking Corporate Lending, versions 14.0-14.3, 14.5-14.7 | https://support.oracle.com |
| Oracle Banking Corporate Lending Process Management, versions 14.4-14.7 | https://support.oracle.com |
| Oracle Banking Digital Experience, versions 18.2, 18.3, 19.1, 19.2, 21.1, 22.1, 22.2 | https://support.oracle.com |
| Oracle Banking Payments, versions 14.5, 14.6, 14.7 | https://support.oracle.com |
| Oracle Banking Trade Finance, versions 14.5, 14.6, 14.7 | https://support.oracle.com |
| Oracle Banking Treasury Management, versions 14.5, 14.6, 14.7 | https://support.oracle.com |
| Oracle Banking Virtual Account Management, versions 14.5, 14.6, 14.7 | https://support.oracle.com |
| Oracle BI Publisher, versions 6.4.0.0.0, 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2936091.2 |
| Oracle Big Data Spatial and Graph, versions prior to 23.1 | https://support.oracle.com/rs?type=doc&id=2923348.1 |
| Oracle Blockchain Platform, versions prior to 21.1.3 | https://support.oracle.com/rs?type=doc&id=2923348.1 |
| Oracle Business Intelligence Enterprise Edition, versions 5.9.0.0.0, 6.4.0.0.0, 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2936091.2 |
| Oracle Business Process Management Suite, version 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2936090.2 |
| Oracle Clinical Remote Data Capture, version 5.4.0.2 | https://support.oracle.com/rs?type=doc&id=2938697.1 |
| Oracle Coherence, versions 12.2.1.4.0, 14.1.1.0.0 | https://support.oracle.com/rs?type=doc&id=2936090.2 |
| Oracle Commerce Guided Search, version 11.3.2 | https://support.oracle.com/rs?type=doc&id=2939844.1 |
| Oracle Commerce Platform, versions 11.3.0, 11.3.1, 11.3.2 | https://support.oracle.com/rs?type=doc&id=2939844.1 |
| Oracle Communications Cloud Native Configuration Console, versions 22.4.1, 23.1.0 | https://support.oracle.com/rs?type=doc&id=2938418.1 |
| Oracle Communications Cloud Native Core Automated Test Suite, versions 22.3.1, 22.4.0 | https://support.oracle.com/rs?type=doc&id=2938415.1 |
| Oracle Communications Cloud Native Core Binding Support Function, versions 22.4.0-22.4.4, 23.1.0-23.1.1 | https://support.oracle.com/rs?type=doc&id=2938417.1 |
| Oracle Communications Cloud Native Core Console, versions 22.3.0, 22.4.0 | https://support.oracle.com/rs?type=doc&id=2938418.1 |
| Oracle Communications Cloud Native Core Network Exposure Function, versions 22.4.2, 23.1.0 | https://support.oracle.com/rs?type=doc&id=2938420.1 |
| Oracle Communications Cloud Native Core Network Function Cloud Native Environment, version 22.4.0 | https://support.oracle.com/rs?type=doc&id=2938434.1 |
| Oracle Communications Cloud Native Core Network Repository Function, version 23.1.0 | https://support.oracle.com/rs?type=doc&id=2938435.1 |
| Oracle Communications Cloud Native Core Policy, versions 22.4.0-22.4.4, 23.1.0-23.1.1 | https://support.oracle.com/rs?type=doc&id=2938436.1 |
| Oracle Communications Cloud Native Core Security Edge Protection Proxy, versions 22.4.0, 22.4.1, 22.4.2, 23.1.0 | https://support.oracle.com/rs?type=doc&id=2938437.1 |
| Oracle Communications Cloud Native Core Service Communication Proxy, versions 22.3.0, 22.4.0 | https://support.oracle.com/rs?type=doc&id=2942394.1 |
| Oracle Communications Cloud Native Core Unified Data Repository, versions 22.4.1, 23.1.0 | https://support.oracle.com/rs?type=doc&id=2938438.1 |
| Oracle Communications Convergent Charging Controller, versions 6.0.1.0.0, 12.0.1.0.0-12.0.6.0.0 | https://support.oracle.com/rs?type=doc&id=2936023.1 |
| Oracle Communications Core Session Manager, versions 8.45, 9.15 | https://support.oracle.com/rs?type=doc&id=2938621.1 |
| Oracle Communications Diameter Signaling Router, version 8.6.0.0 | https://support.oracle.com/rs?type=doc&id=2938440.1 |
| Oracle Communications Element Manager, versions 9.0.0, 9.0.1 | https://support.oracle.com/rs?type=doc&id=2938441.1 |
| Oracle Communications IP Service Activator, versions 7.4.0, 7.5.0 | https://support.oracle.com/rs?type=doc&id=2936021.1 |
| Oracle Communications Network Charging and Control, versions 6.0.1.0.0, 12.0.1.0.0-12.0.6.0.0 | https://support.oracle.com/rs?type=doc&id=2936023.1 |
| Oracle Communications Operations Monitor, version 5.0 | https://support.oracle.com/rs?type=doc&id=2938442.1 |
| Oracle Communications Order and Service Management, version 7.4.1 | https://support.oracle.com/rs?type=doc&id=2936012.1 |
| Oracle Communications Policy Management, version 12.6.0.0.0 | https://support.oracle.com/rs?type=doc&id=2938443.1 |
| Oracle Communications Services Gatekeeper, version 7.0.0.0.0 | https://support.oracle.com/rs?type=doc&id=2938446.1 |
| Oracle Communications Session Border Controller, versions 9.0, 9.1 | https://support.oracle.com/rs?type=doc&id=2938613.1 |
| Oracle Communications Session Report Manager, versions 9.0.0, 9.0.1 | https://support.oracle.com/rs?type=doc&id=2938447.1 |
| Oracle Communications Session Router, versions 9.0, 9.1 | https://support.oracle.com/rs?type=doc&id=2938613.1 |
| Oracle Communications Subscriber-Aware Load Balancer, versions 9.0, 9.1 | https://support.oracle.com/rs?type=doc&id=2938613.1 |
| Oracle Communications Unified Assurance, versions 5.5.0-5.5.10, 6.0.0-6.0.2 | https://support.oracle.com/rs?type=doc&id=2936013.1 |
| Oracle Communications Unified Inventory Management, versions 7.4.0, 7.4.1, 7.4.2, 7.5.0 | https://support.oracle.com/rs?type=doc&id=2936066.1 |
| Oracle Communications User Data Repository, version 12.6.1.0.0 | https://support.oracle.com/rs?type=doc&id=2938448.1 |
| Oracle Data Integrator, version 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2936090.2 |
| Oracle Database Server, versions 19c, 21c | https://support.oracle.com/rs?type=doc&id=2923348.1 |
| Oracle Documaker, versions 12.6.0.0.0, 12.6.2.0.0-12.6.4.0.0, 12.7.0.0.0, 12.7.1.0.0 | https://support.oracle.com/rs?type=doc&id=2939209.1 |
| Oracle E-Business Suite, versions 12.2.3-12.2.12 | https://support.oracle.com/rs?type=doc&id=2484000.1 |
| Oracle Enterprise Communications Broker, versions 3.3, 4.0 | https://support.oracle.com/rs?type=doc&id=2938617.1 |
| Oracle Enterprise Manager Ops Center, version 12.4.0.0 | https://support.oracle.com/rs?type=doc&id=2923367.1 |
| Oracle Enterprise Session Router, version 9.1 | https://support.oracle.com/rs?type=doc&id=2938613.1 |
| Oracle Essbase, version 21.4 | https://support.oracle.com/rs?type=doc&id=2923348.1 |
| Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.7.0, 8.0.8.0, 8.0.9.0, 8.1.0.0, 8.1.1.0, 8.1.2.0, 8.1.2.1, 8.1.2.2 | https://support.oracle.com/rs?type=doc&id=2939767.1 |
| Oracle Financial Services Analytical Applications Reconciliation Framework, versions 8.0.7.1.2, 8.1.1.1.7 | https://support.oracle.com/rs?type=doc&id=2939780.1 |
| Oracle Financial Services Asset Liability Management, version 8.0.7.8.0 | https://support.oracle.com/rs?type=doc&id=2940045.1 |
| Oracle Financial Services Balance Computation Engine, version 8.1.1.1.1 | https://support.oracle.com/rs?type=doc&id=2942325.1 |
| Oracle Financial Services Balance Sheet Planning, version 8.0.8.1.4 | https://support.oracle.com/rs?type=doc&id=2940043.1 |
| Oracle Financial Services Behavior Detection Platform, versions 8.0.8.1, 8.1.1.1, 8.1.2.3, 8.1.2.4 | https://support.oracle.com/rs?type=doc&id=2936356.1 |
| Oracle Financial Services Compliance Studio, version 8.1.2.4 | https://support.oracle.com/rs?type=doc&id=2936394.1 |
| Oracle Financial Services Crime and Compliance Management Studio, version 8.0.8.3.5 | https://support.oracle.com/rs?type=doc&id=2936386.1 |
| Oracle Financial Services Currency Transaction Reporting, versions 8.0.8.1.0, 8.1.1.1.0, 8.1.2.3.0, 8.1.2.4.1 | https://support.oracle.com/rs?type=doc&id=2936356.1 |
| Oracle Financial Services Data Governance for US Regulatory Reporting, versions 8.1.2.0, 8.1.2.1 | https://support.oracle.com/rs?type=doc&id=2940075.1 |
| Oracle Financial Services Data Integration Hub, versions 8.0.7.3.1, 8.1.0.1.4, 8.1.2.2.1 | https://support.oracle.com/rs?type=doc&id=2939782.1 |
| Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management, versions 8.0.7.3.1, 8.0.8.3.1 | https://support.oracle.com/rs?type=doc&id=2939725.1 |
| Oracle Financial Services Enterprise Case Management, versions 8.0.8.2, 8.1.1.1, 8.1.2.3, 8.1.2.4 | https://support.oracle.com/rs?type=doc&id=2936337.1 |
| Oracle Financial Services Enterprise Financial Performance Analytics, version 8.0.7.8.1 | https://support.oracle.com/rs?type=doc&id=2940042.1 |
| Oracle Financial Services Funds Transfer Pricing, version 8.0.7.8.1 | https://support.oracle.com/rs?type=doc&id=2940037.1 |
| Oracle Financial Services Institutional Performance Analytics, version 8.0.7.8.1 | https://support.oracle.com/rs?type=doc&id=2940040.1 |
| Oracle Financial Services Liquidity Risk Measurement and Management, versions 8.0.7.3.1, 8.0.8.3.1 | https://support.oracle.com/rs?type=doc&id=2939725.1 |
| Oracle Financial Services Loan Loss Forecasting and Provisioning, versions 8.0.7.8.1, 8.0.8.2.1 | https://support.oracle.com/rs?type=doc&id=2939932.1 |
| Oracle Financial Services Model Management and Governance, versions 8.1.0.0, 8.1.2.0 | https://support.oracle.com/rs?type=doc&id=2939794.1 |
| Oracle Financial Services Profitability Management, version 8.0.7.8.1 | https://support.oracle.com/rs?type=doc&id=2940039.1 |
| Oracle Financial Services Regulatory Reporting, versions 8.0.8.1, 8.1.1.1, 8.1.2.3, 8.1.2.4 | https://support.oracle.com/rs?type=doc&id=2936339.1 |
| Oracle Financial Services Regulatory Reporting with AgileREPORTER, version 8.1.1.2.0 | https://support.oracle.com/rs?type=doc&id=2940025.1 |
| Oracle Financial Services Retail Performance Analytics, version 8.0.7.8.1 | https://support.oracle.com/rs?type=doc&id=2940041.1 |
| Oracle Financial Services Revenue Management and Billing, versions 2.7, 2.7.1, 2.8, 2.9, 2.9.1, 3.0, 3.1, 3.2, 4.0 | https://support.oracle.com/rs?type=doc&id=2938972.1 |
| Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition, version 8.0.8.0.0 | https://support.oracle.com/rs?type=doc&id=2936336.1 |
| Oracle FLEXCUBE Core Banking, versions 11.6, 11.7, 11.8, 11.10, 11.11 | https://support.oracle.com |
| Oracle FLEXCUBE Universal Banking, versions 14.0-14.3, 14.5-14.7 | https://support.oracle.com |
| Oracle GoldenGate, versions prior to 19.1.0.0.230418, prior to 21.10.0.0.0 | https://support.oracle.com/rs?type=doc&id=2923348.1 |
| Oracle GoldenGate Studio, version [Fusion Middleware] 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2923348.1 |
| Oracle GraalVM Enterprise Edition, versions 20.3.8, 20.3.9, 21.3.4, 21.3.5, 22.3.0, 22.3.1 | https://support.oracle.com/rs?type=doc&id=2935948.1 |
| Oracle Graph Server and Client, versions prior to 23.1.0, prior to 23.2.0 | https://support.oracle.com/rs?type=doc&id=2923348.1 |
| Oracle Health Sciences InForm, versions prior to 6.3.1.3, prior to 7.0.0.1 | https://support.oracle.com/rs?type=doc&id=2938697.1 |
| Oracle Healthcare Foundation, versions 8.1.0, 8.1.1, 8.2.0, 8.2.1, 8.2.2 | https://support.oracle.com/rs?type=doc&id=2939153.1 |
| Oracle Healthcare Master Person Index, versions 5.0.0-5.0.4 | https://support.oracle.com/rs?type=doc&id=2939153.1 |
| Oracle Healthcare Translational Research, versions 4.1.0, 4.1.1 | https://support.oracle.com/rs?type=doc&id=2939153.1 |
| Oracle Hospitality OPERA 5 Property Services, version 5.6 | https://support.oracle.com/rs?type=doc&id=2935379.1 |
| Oracle HTTP Server, version 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2936090.2 |
| Oracle Hyperion Financial Reporting, version 11.2.12 | https://support.oracle.com/rs?type=doc&id=2775466.2 |
| Oracle Hyperion Infrastructure Technology, version 11.2.12 | https://support.oracle.com/rs?type=doc&id=2775466.2 |
| Oracle Identity Manager, version 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2936090.2 |
| Oracle iLearning, version 6.3.1 | https://support.oracle.com/rs?type=doc&id=2939823.1 |
| Oracle Insurance Policy Administration Operational Data Store for Life and Annuity, version 1.0.1.8 | https://support.oracle.com/rs?type=doc&id=2939209.1 |
| Oracle Java SE, versions 8u361, 8u361-perf, 11.0.18, 17.0.6, 20 | https://support.oracle.com/rs?type=doc&id=2935948.1 |
| Oracle JDeveloper, version 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2936090.2 |
| Oracle Managed File Transfer, version 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2936090.2 |
| Oracle Middleware Common Libraries and Tools, version 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2936090.2 |
| Oracle NoSQL Database, versions prior to 19.5.32 | https://support.oracle.com/rs?type=doc&id=2923348.1 |
| Oracle Outside In Technology, version 8.5.6 | https://support.oracle.com/rs?type=doc&id=2936090.2 |
| Oracle REST Data Services, versions prior to 23.1.0 | https://support.oracle.com/rs?type=doc&id=2923348.1 |
| Oracle Retail Customer Management and Segmentation Foundation, versions 18.0.0.12, 19.0.0.6 | https://support.oracle.com/rs?type=doc&id=2934131.1 |
| Oracle Retail Fiscal Management, version 14.2 | https://support.oracle.com/rs?type=doc&id=2934131.1 |
| Oracle Retail Invoice Matching, versions 15.0.3, 16.0.3 | https://support.oracle.com/rs?type=doc&id=2934131.1 |
| Oracle Retail Merchandising System, versions 15.0.3.1, 16.0.2, 16.0.3 | https://support.oracle.com/rs?type=doc&id=2934131.1 |
| Oracle Retail Predictive Application Server, versions 15.0.3, 16.0.3 | https://support.oracle.com/rs?type=doc&id=2934131.1 |
| Oracle Retail Price Management, versions 14.1.3.2, 15.0.3.1, 16.0.3 | https://support.oracle.com/rs?type=doc&id=2934131.1 |
| Oracle Retail Sales Audit, version 15.0.3.1 | https://support.oracle.com/rs?type=doc&id=2934131.1 |
| Oracle Retail Xstore Office Cloud Service, versions 18.0.5, 19.0.4, 20.0.3, 21.0.2 | https://support.oracle.com/rs?type=doc&id=2934131.1 |
| Oracle Retail Xstore Point of Service, versions 17.0.6, 18.0.5, 19.0.4, 20.0.3, 21.0.2 | https://support.oracle.com/rs?type=doc&id=2934131.1 |
| Oracle SD-WAN Aware, version 9.0.1.6.0 | https://support.oracle.com/rs?type=doc&id=2938423.1 |
| Oracle SD-WAN Edge, versions 9.1.1.3.0, 9.1.1.4.0 | https://support.oracle.com/rs?type=doc&id=2938444.1 |
| Oracle SOA Suite, version 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2936090.2 |
| Oracle Solaris, versions 10, 11 | https://support.oracle.com/rs?type=doc&id=2940069.1 |
| Oracle SQL Developer, versions prior to 22.4.0, prior to 23.1.0 | https://support.oracle.com/rs?type=doc&id=2923348.1 |
| Oracle TimesTen In-Memory Database, versions prior to 22.1.1.7.0 | https://support.oracle.com/rs?type=doc&id=2923348.1 |
| Oracle Utilities Application Framework, versions 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0 | https://support.oracle.com/rs?type=doc&id=2936478.1 |
| Oracle Utilities Network Management System, versions 2.3.0.2, 2.4.0.1, 2.5.0.0, 2.5.0.1, 2.5.0.2 | https://support.oracle.com/rs?type=doc&id=2936478.1 |
| Oracle VM VirtualBox, versions prior to 6.1.44, prior to 7.0.8 | https://support.oracle.com/rs?type=doc&id=2940494.1 |
| Oracle WebCenter Portal, version 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2936090.2 |
| Oracle WebCenter Sites, version 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2936090.2 |
| Oracle WebLogic Server, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | https://support.oracle.com/rs?type=doc&id=2936090.2 |
| PeopleSoft Enterprise HCM Human Resources, version 9.2 | https://support.oracle.com/rs?type=doc&id=2939793.1 |
| PeopleSoft Enterprise PeopleTools, versions 8.58, 8.59, 8.60 | https://support.oracle.com/rs?type=doc&id=2939793.1 |
| Primavera P6 Enterprise Project Portfolio Management, versions 18.8.0-18.8.26, 19.12.0-19.12.21, 20.12.0-20.12.18, 21.12.0-21.12.12, 22.12.0-22.12.3 | https://support.oracle.com/rs?type=doc&id=2936154.1 |
| Primavera Unifier, versions 18.8.0-18.8.18, 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.14, 22.12.0-22.12.3 | https://support.oracle.com/rs?type=doc&id=2936154.1 |
| Siebel Applications, versions 21.10 and prior, 22.10 and prior, 23.3 and prior | https://support.oracle.com/rs?type=doc&id=2939854.1 |


END

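Statement

This security advisory is intended only to describe potential security issues; NSFOCUS provides no guarantee or commitment regarding it. Any direct or indirect consequences and losses caused by disseminating or using the information in this advisory are the sole responsibility of the user; NSFOCUS and the author of the advisory accept no liability.

NSFOCUS reserves the right to modify and interpret this security advisory. Anyone reproducing or distributing this advisory must keep it complete, including the copyright statement and all other content. Without NSFOCUS's permission, the content of this advisory may not be modified, added to or reduced, nor used for commercial purposes in any way.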

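Originally published on the WeChat official account 绿盟科技CERT (NSFOCUS CERT): [Security Update] Oracle Critical Patch Update Advisory for All Product Lines, April 2023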
