[Security Update] Oracle January Critical Patch Update Advisory for All Product Lines

admin, January 20, 2022 02:35:22, Security Vulnerabilities

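Advisory ID: NS-2022-0005

2022-1-19

TAG: Oracle, Critical Patch Update, WebLogic

Impact: This patch update fixes 497 vulnerabilities of varying severity across many widely used products.

Version: 1.0

1 Vulnerability Overview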

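On January 19, 2022, NSFOCUS CERT observed that Oracle had released its January Critical Patch Update (CPU) advisory. The update fixes 497 vulnerabilities of varying severity and covers many widely used products, including Oracle WebLogic Server, Oracle MySQL, Oracle Java SE, Oracle Fusion Middleware, and Oracle Retail Applications. Oracle strongly recommends that customers apply the Critical Patch Update fixes as soon as possible.

Reference: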

https://www.oracle.com/security-alerts/cpujan2022.html


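2 Key Vulnerabilities

The following vulnerabilities in this update were selected for their impact, based on product popularity and vulnerability severity. Affected users should give them priority attention:

Oracle WebLogic Server remote code execution vulnerability (CVE-2022-21306):

Oracle WebLogic Server contains a remote code execution vulnerability. An unauthenticated attacker can send a specially crafted malicious request to the server over the T3 protocol, ultimately resulting in arbitrary code execution on the target server.

Oracle WebLogic Server information disclosure vulnerabilities (CVE-2022-21292/CVE-2022-21371):

Oracle WebLogic Server contains information disclosure vulnerabilities. An unauthenticated attacker can send a specially crafted request over HTTP to an affected server, which may result in unauthorized access to critical data or complete access to all Oracle WebLogic Server data, leading to disclosure of sensitive information.

Multiple Oracle MySQL vulnerabilities:

This security update contains 78 security patches for Oracle MySQL. 3 of these vulnerabilities can be exploited remotely without authentication, that is, over a network without user credentials. The CVE IDs are as follows: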

CVE-2021-22946

CVE-2021-3712

CVE-2022-21278

CVE-2022-21351

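Multiple Oracle Financial Services Applications vulnerabilities:

This security update contains 48 security patches for Oracle Financial Services Applications. 37 of these vulnerabilities can be exploited remotely without authentication. The high-severity CVE IDs are as follows: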

CVE-2019-17495

CVE-2020-13936

CVE-2021-2351

CVE-2020-11987

CVE-2021-22118

CVE-2021-36090

CVE-2020-25649

CVE-2021-37137

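Multiple Oracle Insurance Applications vulnerabilities:

This security update contains 7 security patches for Oracle Insurance Applications. 6 of these vulnerabilities can be exploited remotely without authentication. An attacker with network access via HTTP can send malicious requests to take control of components in the product and gain complete access to critical data. The critical CVE IDs are as follows: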

CVE-2020-10683

CVE-2021-2351

CVE-2021-22118

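Multiple Oracle Communications vulnerabilities:

This security update contains 84 security patches for Oracle Communications. 50 of these vulnerabilities can be exploited remotely without authentication. The high-severity CVE IDs are as follows: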

CVE-2021-23440

CVE-2021-21783

CVE-2021-32827

CVE-2021-27568

CVE-2021-39139

CVE-2019-13734

CVE-2020-13936

CVE-2020-15824

CVE-2020-10878

CVE-2021-39153

CVE-2020-36189

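Multiple Oracle Communications Applications vulnerabilities:

This security update contains 33 security patches for Oracle Communications Applications. 22 of these vulnerabilities can be exploited remotely without authentication. The high-severity vulnerabilities are as follows: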

CVE-2022-21275

CVE-2022-21389

CVE-2022-21390

CVE-2022-21276

CVE-2022-21391

CVE-2021-39139

CVE-2021-29505

CVE-2021-2351

CVE-2020-28052

CVE-2020-24750

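Multiple Oracle E-Business Suite vulnerabilities:

This security update contains 9 security patches for Oracle E-Business Suite. 5 of these vulnerabilities can be exploited remotely without authentication. An attacker with network access via HTTP can compromise products in the suite, resulting in unauthorized access to critical data or complete access to all data accessible to products in the suite. The high-severity CVE IDs are as follows: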

CVE-2022-21255

CVE-2022-21273

CVE-2022-21274

CVE-2022-21250

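Multiple Oracle Retail Applications vulnerabilities:

This security update contains 43 security patches for Oracle Retail Applications. 34 of these vulnerabilities can be exploited remotely without authentication. The high-severity CVE IDs are as follows: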

CVE-2020-13936

CVE-2021-2351

CVE-2021-22118

CVE-2021-4104

CVE-2021-23337

The vulnerabilities in Oracle's January Critical Patch Update are summarized below:

| Product | Vulnerabilities | Remotely exploitable without authentication | Highest CVSS score |
|---|---|---|---|
| Oracle Database Server | 4 | 0 | 5.4 |
| Oracle Essbase | 4 | 3 | 9.9 |
| Oracle GoldenGate | 3 | 3 | 9.4 |
| Oracle Graph Server and Client | 2 | 2 | 9.8 |
| Oracle REST Data Services | 2 | 1 | 7.5 |
| Oracle Secure Backup | 2 | 2 | 9.8 |
| Oracle Commerce | 6 | 6 | 8.3 |
| Oracle Communications Applications | 33 | 22 | 10.0 |
| Oracle Communications | 84 | 50 | 9.8 |
| Oracle Construction and Engineering | 22 | 15 | 9.8 |
| Oracle E-Business Suite | 9 | 5 | 8.1 |
| Oracle Enterprise Manager | 7 | 6 | 9.8 |
| Oracle Financial Services Applications | 48 | 37 | 9.8 |
| Oracle Fusion Middleware | 39 | 35 | 9.8 |
| Oracle Health Sciences Applications | 8 | 8 | 8.3 |
| Oracle Hospitality Applications | 3 | 3 | 8.3 |
| Oracle HealthCare Applications | 4 | 4 | 8.3 |
| Oracle Hyperion | 1 | 1 | 8.3 |
| Oracle Insurance Applications | 7 | 6 | 9.8 |
| Oracle Java SE | 18 | 18 | 6.5 |
| Oracle JD Edwards | 1 | 0 | 7.2 |
| Oracle MySQL | 78 | 3 | 7.5 |
| Oracle PeopleSoft | 13 | 10 | 9.8 |
| Oracle Retail Applications | 43 | 34 | 8.8 |
| Oracle Siebel CRM | 2 | 1 | 8.8 |
| Oracle Supply Chain | 10 | 8 | 8.3 |
| Oracle Systems | 11 | 7 | 8.6 |
| Oracle Utilities Applications | 13 | 7 | 9.8 |
| Oracle Virtualization | 2 | 0 | 6.5 |

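3 Mitigation

3.1 Patch Update

Refer to the appendix "Affected Products and Patch Information" in this advisory, download the update patches for affected products promptly, and install them by following the readme file in the patch package to ensure durable protection.

Note: Oracle's official patches require a licensed account for the genuine software. After logging in to https://support.oracle.com with that account, you can download the latest patches.

3.2 Temporary WebLogic Mitigation

If you cannot install the patch for now, or do not use the T3 protocol for JVM communication, the following measures can block attacks that exploit T3 protocol vulnerabilities.

WebLogic Server provides a default connection filter named weblogic.security.net.ConnectionFilterImpl. This connection filter accepts all incoming connections; rules can be configured through it to control access over the T3 and T3s protocols. The detailed steps are as follows:

1. Open the WebLogic console. On the base_domain configuration page, go to the "Security" tab and click "Filter" to open the connection filter configuration.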


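2. In the Connection Filter field, enter weblogic.security.net.ConnectionFilterImpl. Then, using the following as a reference, configure rules in Connection Filter Rules that fit your organization's actual environment:

127.0.0.1 * * allow t3 t3s

<local host IP> * * allow t3 t3s

<IP allowed to connect> * * allow t3 t3s

* * * deny t3 t3s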


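Connection filter rules have the following format: target localAddress localPort action protocols, where:

· target specifies one or more servers to filter.
· localAddress defines the host address of the server. (If specified as an asterisk (*), the match returns all local IP addresses.)
· localPort defines the port the server is listening on. (If an asterisk is specified, the match returns all available ports on the server.)
· action specifies the action to perform. (The value must be "allow" or "deny".)
· protocols is the list of protocol names to match. (One of the following protocols must be specified: http, https, t3, t3s, giop, giops, dcom, or ftp.) If no protocol is defined, all protocols match a rule.

3. If the rules do not take effect after saving, restart the WebLogic service (restarting the WebLogic service interrupts business operations, so assess the risk before doing so). Taking a Windows environment as an example, the restart steps are as follows:

Go to the bin directory under the domain directory. On Windows, run stopWebLogic.cmd to stop the WebLogic service; on Linux, run stopWebLogic.sh.

After the stop script finishes, run startWebLogic.cmd or startWebLogic.sh to start WebLogic, which completes the restart.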

Reference:

https://docs.oracle.com/cd/E24329_01/web.1211/e24485/con_filtr.htm#SCPRG377
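
The rule semantics from step 2, as an added example that is not part of the original advisory or Oracle's code: a small Python model that parses rules in the target localAddress localPort action protocols format, evaluates them in order (first matching rule wins, a connection that matches no rule is permitted, as Oracle documents for connection filters), and flags rule sets that fail to block T3/T3s. The IP addresses, the function names, and the restriction to IP or CIDR targets are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

# Protocol names the advisory lists as valid in a rule.
PROTOCOLS = {"http", "https", "t3", "t3s", "giop", "giops", "dcom", "ftp"}

@dataclass(frozen=True)
class Rule:
    target: str
    local_address: str
    local_port: str
    action: str
    protocols: frozenset  # empty = the rule applies to every protocol

def parse_rule(line):
    """Parse 'target localAddress localPort action [protocols]' or raise ValueError."""
    fields = line.split()
    if len(fields) < 4:
        raise ValueError("expected at least 4 fields, got %d" % len(fields))
    target, local_address, local_port, action, *protos = fields
    if target != "*":
        ipaddress.ip_network(target, strict=False)  # this model accepts IP/CIDR targets only
    if local_address != "*":
        ipaddress.ip_address(local_address)
    if local_port != "*" and not local_port.isdigit():
        raise ValueError("localPort must be '*' or a number, got %r" % local_port)
    if action not in ("allow", "deny"):
        raise ValueError("action must be 'allow' or 'deny', got %r" % action)
    unknown = sorted(set(protos) - PROTOCOLS)
    if unknown:
        raise ValueError("unknown protocol(s): " + ", ".join(unknown))
    return Rule(target, local_address, local_port, action, frozenset(protos))

def matches(rule, src_ip, protocol, local_ip, local_port):
    if rule.target != "*":
        if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(rule.target, strict=False):
            return False
    if rule.local_address != "*":
        if ipaddress.ip_address(rule.local_address) != ipaddress.ip_address(local_ip):
            return False
    if rule.local_port != "*" and int(rule.local_port) != local_port:
        return False
    return not rule.protocols or protocol in rule.protocols

def decide(rules, src_ip, protocol, local_ip="10.0.0.5", local_port=7001):
    """First matching rule wins; a connection that matches no rule is permitted."""
    for rule in rules:
        if matches(rule, src_ip, protocol, local_ip, local_port):
            return rule.action
    return "allow"

def lint(text, probe_ip="203.0.113.50"):
    """Return (rules, problems); probe_ip stands for an address on no allow list."""
    rules, problems = [], []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if not line:
            continue
        try:
            rules.append(parse_rule(line))
        except ValueError as exc:
            problems.append("line %d: %s" % (number, exc))
    for protocol in ("t3", "t3s"):
        if decide(rules, probe_ip, protocol) != "deny":
            problems.append("%s from unlisted address %s is not denied" % (protocol, probe_ip))
    return rules, problems

# Constructed sample rule sets (addresses are placeholders, not from the advisory).
GOOD = """\
127.0.0.1 * * allow t3 t3s
10.0.0.5 * * allow t3 t3s       # the server's own IP
10.0.1.0/24 * * allow t3 t3s    # permitted management subnet
* * * deny t3 t3s
"""
TYPO = GOOD.replace("10.0.0.5 * *", "10.0.0.5 **")   # missing space between wildcards
NO_DENY = GOOD.replace("* * * deny t3 t3s\n", "")    # allow rules without the final deny

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("TYPO", TYPO), ("NO_DENY", NO_DENY)):
        rules, problems = lint(text)
        print(name, problems or "ok", "| unlisted t3 ->", decide(rules, "198.51.100.9", "t3"))
```

In this model the TYPO set shows how a missing space between the two wildcards invalidates that allow rule, so the server's own address falls through to the final deny, and NO_DENY shows that allow rules without the closing deny block nothing.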

Appendix: Affected Products and Patch Information

Affected product and versions

Available patch

Agile Product Lifecycle Management Integration Pack for Oracle E-Business Suite, version 3.6

https://support.oracle.com/rs?type=doc&id=2832006.1

Application Performance Management, versions 13.4.1.0, 13.5.1.0

https://support.oracle.com/rs?type=doc&id=2817011.1

Big Data Spatial and Graph, versions prior to 23.1

https://support.oracle.com/rs?type=doc&id=2817011.1

Enterprise Manager Base Platform, versions 13.4.0.0, 13.5.0.0

https://support.oracle.com/rs?type=doc&id=2817011.1

Enterprise Manager Ops Center, version 12.4.0.0

https://support.oracle.com/rs?type=doc&id=2817011.1

Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers, versions prior to XCP2410, prior to XCP3110

https://support.oracle.com/rs?type=doc&id=2832878.1

Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3

https://support.oracle.com/rs?type=doc&id=2829871.1

JD Edwards EnterpriseOne Tools, versions prior to 9.2.6.1

https://support.oracle.com/rs?type=doc&id=2832004.1

MySQL Cluster, versions 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, 8.0.27 and prior

https://support.oracle.com/rs?type=doc&id=2832117.1

MySQL Connectors, versions 8.0.27 and prior

https://support.oracle.com/rs?type=doc&id=2832117.1

MySQL Server, versions 5.7.36 and prior, 8.0.27 and prior

https://support.oracle.com/rs?type=doc&id=2832117.1

MySQL Workbench, versions 8.0.27 and prior

https://support.oracle.com/rs?type=doc&id=2832117.1

Oracle Access Manager, versions 11.1.2.3.0, 12.2.1.3.0, 12.2.1.4.0

https://support.oracle.com/rs?type=doc&id=2817011.1

Oracle Agile Engineering Data Management, version 6.2.1.0

https://support.oracle.com/rs?type=doc&id=2832006.1

Oracle Agile PLM, versions 9.3.3, 9.3.6

https://support.oracle.com/rs?type=doc&id=2832006.1

Oracle Agile PLM MCAD Connector, versions 3.4, 3.6

https://support.oracle.com/rs?type=doc&id=2832006.1

Oracle Airlines Data Model, versions 12.1.1.0.0, 12.2.0.1.0

https://support.oracle.com/rs?type=doc&id=2833257.1

Oracle Application Express, versions prior to 21.1.4

https://support.oracle.com/rs?type=doc&id=2817011.1

Oracle Application Testing Suite, version 13.3.0.1

https://support.oracle.com/rs?type=doc&id=2817011.1

Oracle Argus Analytics, versions 8.2.1, 8.2.2, 8.2.3

https://support.oracle.com/rs?type=doc&id=2827314.1

Oracle Argus Insight, versions 8.2.1, 8.2.2, 8.2.3

https://support.oracle.com/rs?type=doc&id=2827314.1

Oracle Argus Mart, versions 8.2.1, 8.2.2, 8.2.3

https://support.oracle.com/rs?type=doc&id=2827314.1

Oracle Argus Safety, versions 8.2.1, 8.2.2, 8.2.3

https://support.oracle.com/rs?type=doc&id=2827314.1

Oracle Banking APIs, versions 18.1-18.3, 19.1, 19.2, 20.1, 21.1

https://support.oracle.com

Oracle Banking Deposits and Lines of Credit Servicing, version 2.12.0

https://support.oracle.com

Oracle Banking Digital Experience, versions 17.2, 18.1-18.3, 19.1, 19.2, 20.1, 21.1

https://support.oracle.com

Oracle Banking Enterprise Default Management, versions 2.3.0-2.4.1, 2.6.2, 2.7.0, 2.7.1, 2.10.0, 2.12.0

https://support.oracle.com/rs?type=doc&id=2827842.1

Oracle Banking Loans Servicing, version 2.12.0

https://support.oracle.com

Oracle Banking Party Management, version 2.7.0

https://support.oracle.com/rs?type=doc&id=2827842.1

Oracle Banking Platform, versions 2.3.0-2.4.1, 2.6.2, 2.7.0, 2.7.1

https://support.oracle.com/rs?type=doc&id=2827842.1

Oracle BI Publisher, versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0

https://support.oracle.com/rs?type=doc&id=2817011.1

Oracle Business Activity Monitoring, versions 12.2.1.4.0, 12.2.1.5.0

https://support.oracle.com/rs?type=doc&id=2817011.1

Oracle Business Intelligence Enterprise Edition, versions 5.5.0.0.0, 5.9.0.0.0, 12.2.1.3.0, 12.2.1.4.0

https://support.oracle.com/rs?type=doc&id=2817011.1

Oracle Business Process Management Suite, versions 12.2.1.3.0, 12.2.1.4.0

https://support.oracle.com/rs?type=doc&id=2817011.1

Oracle Clinical, versions 5.2.1, 5.2.2

https://support.oracle.com/rs?type=doc&id=2827314.1

Oracle Commerce Guided Search, version 11.3.2

https://support.oracle.com/rs?type=doc&id=2832419.1

Oracle Commerce Platform, versions 11.3.0, 11.3.1, 11.3.2

https://support.oracle.com/rs?type=doc&id=2832419.1

Oracle Communications Billing and Revenue Management, versions 12.0.0.3, 12.0.0.4

https://support.oracle.com/rs?type=doc&id=2831903.1

Oracle Communications BRM - Elastic Charging Engine, versions 11.3, 12.0

https://support.oracle.com/rs?type=doc&id=2831903.1

Oracle Communications Calendar Server, version 8.0.0.5.0

https://support.oracle.com/rs?type=doc&id=2831902.1

Oracle Communications Cloud Native Core Automated Test Suite, version 1.8.0

https://support.oracle.com/rs?type=doc&id=2833620.1

Oracle Communications Cloud Native Core Binding Support Function, versions 1.9.0, 1.10.0

https://support.oracle.com/rs?type=doc&id=2833618.1

Oracle Communications Cloud Native Core Console, version 1.7.0

https://support.oracle.com/rs?type=doc&id=2833832.1

Oracle Communications Cloud Native Core Network Function Cloud Native Environment, version 1.9.0

https://support.oracle.com/rs?type=doc&id=2833600.1

Oracle Communications Cloud Native Core Network Repository Function, version 1.14.0

https://support.oracle.com/rs?type=doc&id=2833598.1

Oracle Communications Cloud Native Core Policy, version 1.14.0

https://support.oracle.com/rs?type=doc&id=2833602.1

Oracle Communications Cloud Native Core Security Edge Protection Proxy, versions 1.5.0, 1.6.0, 1.15.0

https://support.oracle.com/rs?type=doc&id=2833594.1

Oracle Communications Cloud Native Core Service Communication Proxy, version 1.14.0

https://support.oracle.com/rs?type=doc&id=2833601.1

Oracle Communications Cloud Native Core Unified Data Repository, version 1.14.0

https://support.oracle.com/rs?type=doc&id=2833596.1

Oracle Communications Contacts Server, version 8.0.0.3.0

https://support.oracle.com/rs?type=doc&id=2831902.1

Oracle Communications Convergence, version 3.0.2.2.0

https://support.oracle.com/rs?type=doc&id=2831902.1

Oracle Communications Convergent Charging Controller, versions 6.0.1.0.0, 12.0.1.0.0-12.0.4.0.0

https://support.oracle.com/rs?type=doc&id=2831885.1

Oracle Communications Data Model, versions 11.3.2.1.0, 11.3.2.2.0, 11.3.2.3.0, 12.1.0.1.0, 12.1.2.0.0

https://support.oracle.com/rs?type=doc&id=2833265.1

Oracle Communications Design Studio, versions 7.3.4, 7.3.5, 7.4.0, 7.4.1, 7.4.2

https://support.oracle.com/rs?type=doc&id=2831888.1

Oracle Communications Diameter Signaling Router, versions 8.0.0.0-8.5.1.0

https://support.oracle.com/rs?type=doc&id=2833215.1

Oracle Communications EAGLE Application Processor, versions 16.1-16.4

https://support.oracle.com/rs?type=doc&id=2833619.1

Oracle Communications Instant Messaging Server, version 10.0.1.5.0

https://support.oracle.com/rs?type=doc&id=2831902.1

Oracle Communications Interactive Session Recorder, versions 6.3, 6.4

https://support.oracle.com/rs?type=doc&id=2833605.1

Oracle Communications Messaging Server, version 8.1

https://support.oracle.com/rs?type=doc&id=2831902.1

Oracle Communications Network Charging and Control, versions 6.0.1.0.0, 12.0.1.0.0-12.0.4.0.0

https://support.oracle.com/rs?type=doc&id=2831885.1

Oracle Communications Network Integrity, versions 7.3.5, 7.3.6

https://support.oracle.com/rs?type=doc&id=2831886.1

Oracle Communications Offline Mediation Controller, version 12.0.0.3

https://support.oracle.com/rs?type=doc&id=2831903.1

Oracle Communications Operations Monitor, versions 3.4, 4.2, 4.3, 4.4, 5.0

https://support.oracle.com/rs?type=doc&id=2833603.1

Oracle Communications Pricing Design Center, versions 12.0.0.3.0, 12.0.0.4.0

https://support.oracle.com/rs?type=doc&id=2831903.1

Oracle Communications Service Broker, version 6.2

https://support.oracle.com/rs?type=doc&id=2833617.1

Oracle Communications Services Gatekeeper, version 7.0

https://support.oracle.com/rs?type=doc&id=2833211.1

Oracle Communications Session Border Controller, versions 8.2, 8.3, 8.4, 9.0

https://support.oracle.com/rs?type=doc&id=2833085.1

Oracle Communications Unified Inventory Management, versions 7.3.0, 7.3.4, 7.3.5, 7.4.0, 7.4.1, 7.4.2, 7.5.0

https://support.oracle.com/rs?type=doc&id=2831889.1

Oracle Communications WebRTC Session Controller, versions 7.2.0, 7.2.1

https://support.oracle.com/rs?type=doc&id=2833614.1

Oracle Data Integrator, versions 12.2.1.3.0, 12.2.1.4.0

https://support.oracle.com/rs?type=doc&id=2817011.1

Oracle Database Server, versions 12.1.0.2, 12.2.0.1, 19c, 21c

https://support.oracle.com/rs?type=doc&id=2817011.1

Oracle Demantra Demand Management, versions 12.2.6-12.2.11

https://support.oracle.com/rs?type=doc&id=2832006.1

Oracle E-Business Suite, versions 12.2.3-12.2.11

https://support.oracle.com/rs?type=doc&id=2484000.1

Oracle Enterprise Communications Broker, version 3.3

https://support.oracle.com/rs?type=doc&id=2833087.1

Oracle Enterprise Data Quality, versions 12.2.1.3.0, 12.2.1.4.0

https://support.oracle.com/rs?type=doc&id=2817011.1

Oracle Enterprise Session Border Controller, versions 8.4, 9.0

https://support.oracle.com/rs?type=doc&id=2833085.1

Oracle Essbase, versions prior to 11.1.2.4.47, prior to 21.3

https://support.oracle.com/rs?type=doc&id=2817011.1

Oracle Essbase Administration Services, versions prior to 11.1.2.4.47

https://support.oracle.com/rs?type=doc&id=2817011.1

Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.7-8.1.1

https://support.oracle.com/rs?type=doc&id=2825591.1

Oracle Financial Services Behavior Detection Platform, versions 8.0.7, 8.0.8, 8.1.1

https://support.oracle.com/rs?type=doc&id=2832147.1

Oracle Financial Services Enterprise Case Management, versions 8.0.7, 8.0.8, 8.1.1

https://support.oracle.com/rs?type=doc&id=2832152.1

Oracle Financial Services Foreign Account Tax Compliance Act Management, versions 8.0.7, 8.0.8, 8.1.1

https://support.oracle.com

Oracle Financial Services Model Management and Governance, versions 8.0.8-8.1.1

https://support.oracle.com/rs?type=doc&id=2825611.1

Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition, versions 8.0.7, 8.0.8

https://support.oracle.com/rs?type=doc&id=2833718.1

Oracle FLEXCUBE Investor Servicing, versions 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.4.0, 14.5.0

https://support.oracle.com

Oracle FLEXCUBE Private Banking, versions 12.0.0, 12.1.0

https://support.oracle.com

Oracle Fusion Middleware, versions 12.2.1.3.0, 12.2.1.4.0

https://support.oracle.com/rs?type=doc&id=2817011.1

Oracle Fusion Middleware MapViewer, version 12.2.1.4.0

https://support.oracle.com/rs?type=doc&id=2817011.1

Oracle GoldenGate, versions prior to 12.3.0.1, prior to 19.1.0.0.220118, prior to 21.4.0.0.0, prior to 21.5.0.0.220118

https://support.oracle.com/rs?type=doc&id=2817011.1

Oracle GraalVM Enterprise Edition, versions 20.3.4, 21.3.0

https://support.oracle.com/rs?type=doc&id=2828114.1

Oracle Graph Server and Client, versions prior to 21.4

https://support.oracle.com/rs?type=doc&id=2817011.1

Oracle Health Sciences Clinical Development Analytics, version 4.0.1

https://support.oracle.com/rs?type=doc&id=2827314.1

Oracle Health Sciences InForm CRF Submit, version 6.2.1

https://support.oracle.com/rs?type=doc&id=2827314.1

Oracle Health Sciences Information Manager, versions 3.0.2, 3.0.3

https://support.oracle.com/rs?type=doc&id=2827318.1

Oracle Healthcare Data Repository, versions 7.0.2, 8.1.0, 8.1.1

https://support.oracle.com/rs?type=doc&id=2827318.1

Oracle Healthcare Foundation, versions 7.3.0.0-7.3.0.2, 8.0.0-8.0.2, 8.1.0-8.1.1

https://support.oracle.com/rs?type=doc&id=2827318.1

Oracle Healthcare Translational Research, version 4.1.0

https://support.oracle.com/rs?type=doc&id=2827318.1

Oracle Hospitality Cruise Shipboard Property Management System, version 20.1.0

https://support.oracle.com/rs?type=doc&id=2824526.1

Oracle Hospitality OPERA 5, version 5.6

https://support.oracle.com/rs?type=doc&id=2824790.1

Oracle Hospitality Reporting and Analytics, version 9.1.0

https://support.oracle.com/rs?type=doc&id=2825723.1

Oracle Hospitality Suite8, versions 8.10.2, 8.11.0, 8.12.0, 8.13.0, 8.14.0

https://support.oracle.com/rs?type=doc&id=2824342.1

Oracle HTTP Server, versions 12.2.1.3.0, 12.2.1.4.0, 12.2.1.5.0

https://support.oracle.com/rs?type=doc&id=2817011.1

Oracle Hyperion Infrastructure Technology, version 11.2.7.0

https://support.oracle.com/rs?type=doc&id=2817011.1

Oracle iLearning, versions 6.2, 6.3

https://support.oracle.com/rs?type=doc&id=2732007.1

Oracle Insurance Data Gateway, versions 11.0.2, 11.1.0, 11.2.7, 11.3.0, 11.3.1

https://support.oracle.com/rs?type=doc&id=2832476.1

Oracle Insurance Insbridge Rating and Underwriting, versions 5.2.0, 5.4.0-5.6.0

https://support.oracle.com/rs?type=doc&id=2832476.1

Oracle Insurance Policy Administration, versions 11.0.2, 11.1.0, 11.2.7, 11.3.0, 11.3.1

https://support.oracle.com/rs?type=doc&id=2832476.1

Oracle Insurance Policy Administration J2EE, versions 10.2.0, 10.2.4, 11.0.2, 11.1.0-11.3.0

https://support.oracle.com/rs?type=doc&id=2832476.1

Oracle Insurance Rules Palette, versions 10.2.0, 10.2.4, 11.0.2, 11.1.0-11.3.0, 11.3.1

https://support.oracle.com/rs?type=doc&id=2832476.1

Oracle Java SE, versions 7u321, 8u311, 11.0.13, 17.1

https://support.oracle.com/rs?type=doc&id=2828114.1

Oracle Managed File Transfer, versions 12.2.1.3.0, 12.2.1.4.0

https://support.oracle.com/rs?type=doc&id=2817011.1

Oracle NoSQL Database, versions prior to 21.1.12

https://support.oracle.com/rs?type=doc&id=2817011.1

Oracle Policy Automation, versions 12.2.0-12.2.24

https://support.oracle.com/rs?type=doc&id=2832841.1

Oracle Product Lifecycle Analytics, version 3.6.1

https://support.oracle.com/rs?type=doc&id=2832006.1

Oracle Rapid Planning, versions 12.2.6-12.2.11

https://support.oracle.com/rs?type=doc&id=2832006.1

Oracle Real User Experience Insight, versions 13.4.1.0, 13.5.1.0

https://support.oracle.com/rs?type=doc&id=2817011.1

Oracle REST Data Services, versions prior to 21.2.4

https://support.oracle.com/rs?type=doc&id=2817011.1

Oracle Retail Allocation, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1

https://support.oracle.com/rs?type=doc&id=2826068.1

Oracle Retail Analytics, version 21.0.1

https://support.oracle.com/rs?type=doc&id=2826068.1

Oracle Retail Assortment Planning, version 16.0.3

https://support.oracle.com/rs?type=doc&id=2826068.1

Oracle Retail Back Office, version 14.1

https://support.oracle.com/rs?type=doc&id=2826068.1

Oracle Retail Central Office, version 14.1

https://support.oracle.com/rs?type=doc&id=2826068.1

Oracle Retail Customer Insights, version 21.0.1

https://support.oracle.com/rs?type=doc&id=2826068.1

Oracle Retail Customer Management and Segmentation Foundation, versions 16.0-19.0

https://support.oracle.com/rs?type=doc&id=2826068.1

Oracle Retail EFTLink, versions 16.0.3, 17.0.2, 18.0.1, 19.0.1, 20.0.1

https://support.oracle.com/rs?type=doc&id=2826068.1

Oracle Retail Extract Transform and Load, version 13.2.8

https://support.oracle.com/rs?type=doc&id=2826068.1

Oracle Retail Financial Integration, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1

https://support.oracle.com/rs?type=doc&id=2826068.1

Oracle Retail Fiscal Management, version 14.2

https://support.oracle.com/rs?type=doc&id=2826068.1

Oracle Retail Integration Bus, versions 14.1.3.0, 14.1.3.2, 15.0.3.1, 16.0.1-16.0.3, 19.0.0, 19.0.1

https://support.oracle.com/rs?type=doc&id=2826068.1

Oracle Retail Invoice Matching, versions 15.0.3, 16.0.3

https://support.oracle.com/rs?type=doc&id=2826068.1

Oracle Retail Merchandising System, version 19.0.1

https://support.oracle.com/rs?type=doc&id=2826068.1

Oracle Retail Order Broker, versions 16.0, 18.0, 19.1

https://support.oracle.com/rs?type=doc&id=2826068.1

Oracle Retail Order Management System, version 19.5

https://support.oracle.com/rs?type=doc&id=2826068.1

Oracle Retail Point-of-Service, version 14.1

https://support.oracle.com/rs?type=doc&id=2826068.1

Oracle Retail Predictive Application Server, versions 14.1.3, 14.1.3.46, 15.0.3, 15.0.3.115, 16.0.3, 16.0.3.240

https://support.oracle.com/rs?type=doc&id=2826068.1

Oracle Retail Price Management, versions 13.2, 14.0.4, 14.1, 14.1.3, 15, 15.0.3, 16, 16.0.3

https://support.oracle.com/rs?type=doc&id=2826068.1

Oracle Retail Returns Management, version 14.1

https://support.oracle.com/rs?type=doc&id=2826068.1

Oracle Retail Service Backbone, versions 14.1.3.0, 14.1.3.2, 15.0.3.1, 16.0.1-16.0.3, 19.0.0, 19.0.1

https://support.oracle.com/rs?type=doc&id=2826068.1

Oracle Retail Size Profile Optimization, version 16.0.3

https://support.oracle.com/rs?type=doc&id=2826068.1

Oracle Retail Xstore Point of Service, versions 17.0.4, 18.0.3, 19.0.2, 20.0.1

https://support.oracle.com/rs?type=doc&id=2826068.1

Oracle SD-WAN Aware, version 8.2

https://support.oracle.com/rs?type=doc&id=2833597.1

Oracle SD-WAN Edge, versions 9.0, 9.1

https://support.oracle.com/rs?type=doc&id=2833604.1

Oracle Secure Backup, versions prior to 18.1.0.1.0

https://support.oracle.com/rs?type=doc&id=2817011.1

Oracle Solaris, versions 10, 11

https://support.oracle.com/rs?type=doc&id=2832878.1

Oracle Spatial Studio, versions prior to 21.2.1

https://support.oracle.com/rs?type=doc&id=2832117.1

Oracle Thesaurus Management System, versions 5.2.3, 5.3.0, 5.3.1

https://support.oracle.com/rs?type=doc&id=2827314.1

Oracle TimesTen In-Memory Database, versions prior to 11.2.2.8.27, prior to 21.1.1.1.0

https://support.oracle.com/rs?type=doc&id=2817011.1

Oracle Utilities Framework, versions 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0

https://support.oracle.com/rs?type=doc&id=2832617.1

Oracle Utilities Testing Accelerator, versions 6.0.0.1.1, 6.0.0.2.2, 6.0.0.3.1

https://support.oracle.com/rs?type=doc&id=2832617.1

Oracle VM VirtualBox, versions prior to 6.1.32

https://support.oracle.com/rs?type=doc&id=2833279.1

Oracle WebCenter Portal, versions 12.2.1.3.0, 12.2.1.4.0

https://support.oracle.com/rs?type=doc&id=2817011.1

Oracle WebLogic Server, versions 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

https://support.oracle.com/rs?type=doc&id=2817011.1

Oracle ZFS Storage Appliance Kit, version 8.8

https://support.oracle.com/rs?type=doc&id=2832878.1

Oracle ZFS Storage Application Integration Engineering Software, version 1.3.3

https://support.oracle.com/rs?type=doc&id=2832878.1

OSS Support Tools, versions prior to 2.12.42

https://support.oracle.com/rs?type=doc&id=2833277.1

PeopleSoft Enterprise CS SA Integration Pack, versions 9.0, 9.2

https://support.oracle.com/rs?type=doc&id=2831970.1

PeopleSoft Enterprise PeopleTools, versions 8.57, 8.58, 8.59

https://support.oracle.com/rs?type=doc&id=2831970.1

Primavera Analytics, versions 18.8.3.3, 19.12.11.1, 20.12.12.0

https://support.oracle.com/rs?type=doc&id=2829871.1

Primavera Data Warehouse, versions 18.8.3.3, 19.12.11.1, 20.12.12.0

https://support.oracle.com/rs?type=doc&id=2829871.1

Primavera Gateway, versions 17.12.0-17.12.11, 18.8.0-18.8.13, 19.12.0-19.12.12, 20.12.0-20.12.7, 21.12.0

https://support.oracle.com/rs?type=doc&id=2829871.1

Primavera P6 Enterprise Project Portfolio Management, versions 17.12.0.0-17.12.20.0, 18.8.0.0-18.8.24.0, 19.12.0.0-19.12.18.0, 20.12.0.0-20.12.12.0, 21.12.0.0

https://support.oracle.com/rs?type=doc&id=2829871.1

Primavera P6 Professional Project Management, versions 17.12.0.0-17.12.20.0, 18.8.0.0-18.8.24.0, 19.12.0.0-19.12.17.0, 20.12.0.0-20.12.9.0

https://support.oracle.com/rs?type=doc&id=2829871.1

Primavera Portfolio Management, versions 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2, 20.0.0.0, 20.0.0.1

https://support.oracle.com/rs?type=doc&id=2829871.1

Primavera Unifier, versions 17.7-17.12, 18.8, 19.12, 20.12, 21.12

https://support.oracle.com/rs?type=doc&id=2829871.1

Siebel Applications, versions 21.11 and prior

https://support.oracle.com/rs?type=doc&id=2832003.1

END

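Disclaimer

This security advisory is intended only to describe possible security issues. NSFOCUS provides no guarantee or commitment regarding this advisory. Any direct or indirect consequences and losses caused by spreading or using the information in this advisory are the sole responsibility of the user; NSFOCUS and the author of the advisory accept no liability.

NSFOCUS reserves the right to modify and interpret this advisory. Anyone reproducing or distributing this advisory must preserve its integrity, including the copyright statement and all other content. Without NSFOCUS's permission, the content of this advisory may not be modified, added to, or reduced, and it may not be used for commercial purposes in any way.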

Published on January 20, 2022 02:35:22. When reposting, please keep the link to this article (CN-SEC, with thanks to the original author): http://cn-sec.com/archives/745422.html
