【安全更新】Oracle全系产品4月关键补丁更新通告

【安全更新】Oracle全系产品4月关键补丁更新通告
2021-04-21 19:38:48 Author: blog.nsfocus.net(查看原文) 阅读量:239 收藏

2021年4月21日，绿盟科技监测发现Oracle官方发布了4月关键补丁更新公告CPU（Critical Patch Update），共修复了400个不同程度的漏洞，此次安全更新涉及Oracle Database Server、Oracle Java SE、Oracle Fusion Middleware、Oracle MySQL、Oracle Communications等多个常用产品。Oracle强烈建议客户尽快应用关键补丁更新修复程序，对漏洞进行修复。

此次安全更新针对Oracle Communications Applications发布了13个安全补丁。其中的12个漏洞在未经用户身份验证的情况下即可远程进行利用。高危漏洞如下：

此次安全更新针对Oracle E-Business Suite发布了70个安全补丁。其中的22个漏洞在未经用户身份验证的情况下即可远程进行利用。攻击者可以通过HTTP访问网络，从而破坏套件中的产品，从而对关键数据的未授权访问或对所有套件中产品可访问数据的完全访问。高危漏洞编号如下：

此次安全更新针对Oracle Fusion Middleware发布了45个安全补丁。其中有36个漏洞在未经用户身份验证的情况下即可远程进行利用。高危漏洞编号如下：

此次安全更新针对Oracle Retail Applications发布了35个安全补丁。其中有31个漏洞在未经用户身份验证的情况下即可远程进行利用。高危漏洞编号如下：

产品	漏洞个数	未授权远程利用个数	最高CVSS评分
Oracle Database Products Risk Matrices	10	4	7.5
Oracle Database Server	10	4	7.5
Oracle Global Lifecycle Management	1	1	6.5
Oracle NoSQL Database	4	3	7.5
Oracle REST Data Services	1	1	5.3
Oracle Spatial Studio	2	1	5.3
Oracle SQL Developer	1	1	7.5
Oracle Commerce	4	4	7.5
Oracle Communications Applications	13	12	9.8
Oracle Communications	22	9	9.8
Oracle Construction and Engineering	8	6	9.8
Oracle E-Business Suite	70	22	9.1
Oracle Enterprise Manager	9	8	9.8
Oracle Financial Services Applications	15	10	9.8
Oracle Food and Beverage Applications	2	1	7.5
Oracle Fusion Middleware	45	36	9.8
Oracle Health Sciences Applications	3	3	9.1
Oracle Hospitality Applications	6	4	9.8
Oracle Hyperion	2	1	9.6
Oracle iLearning	1	0	5.5
Oracle Insurance Applications	1	1	7.3
Oracle Java SE	4	4	7.5
Oracle JD Edwards	10	10	9.8
Oracle MySQL	49	10	9.8
Oracle PeopleSoft	18	13	8.3
Oracle Retail Applications	35	31	9.8
Oracle Siebel CRM	8	7	8.1
Oracle Storage Gateway	6	2	10
Oracle Supply Chain	5	5	9.8
Oracle Support Tools	1	0	4.9
Oracle Systems	5	1	10
Oracle Utilities Applications	5	5	9.8
Oracle Virtualization	24	5	10

受影响产品及版本号	可用补丁
Agile Product Lifecycle Management Integration Pack for Oracle E-Business Suite, versions 3.5, 3.6	https://support.oracle.com/rs?type=doc&id=2764116.1
Agile Product Lifecycle Management Integration Pack for SAP: Design to Release, versions 3.5, 3.6	https://support.oracle.com/rs?type=doc&id=2764116.1
Enterprise Manager Base Platform, version 13.4.0.0	https://support.oracle.com/rs?type=doc&id=2749094.1
Enterprise Manager for Fusion Middleware, versions 12.2.1.4, 13.4.0.0	https://support.oracle.com/rs?type=doc&id=2749094.1
Enterprise Manager for Virtualization, version 13.4.0.0	https://support.oracle.com/rs?type=doc&id=2749094.1
Enterprise Manager Ops Center, version 12.4.0.0	https://support.oracle.com/rs?type=doc&id=2749094.1
FMW Platform, versions 12.2.1.3.0, 12.2.1.4.0	https://support.oracle.com/rs?type=doc&id=2749094.1
Hyperion Analytic Provider Services, versions 11.1.2.4, 12.2.1.4	https://support.oracle.com/rs?type=doc&id=2749094.1
Hyperion Financial Management, version 11.1.2.4	https://support.oracle.com/rs?type=doc&id=2749094.1
Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3	https://support.oracle.com/rs?type=doc&id=2759893.1
JD Edwards EnterpriseOne Orchestrator, versions prior to 9.2.5.3	https://support.oracle.com/rs?type=doc&id=2764116.1
JD Edwards EnterpriseOne Tools, versions prior to 9.2.4.0, prior to 9.2.5.3	https://support.oracle.com/rs?type=doc&id=2764116.1
JD Edwards World Security, version A9.4	https://support.oracle.com/rs?type=doc&id=2764116.1
MySQL Cluster, versions 8.0.23 and prior	https://support.oracle.com/rs?type=doc&id=2764660.1
MySQL Enterprise Monitor, versions 8.0.23 and prior	https://support.oracle.com/rs?type=doc&id=2764660.1
MySQL Server, versions 5.7.33 and prior, 8.0.23 and prior	https://support.oracle.com/rs?type=doc&id=2764660.1
MySQL Workbench, versions 8.0.23 and prior	https://support.oracle.com/rs?type=doc&id=2764660.1
Oracle Advanced Supply Chain Planning, versions 12.1, 12.2	https://support.oracle.com/rs?type=doc&id=2764116.1
Oracle Agile PLM, versions 9.3.3, 9.3.5, 9.3.6	https://support.oracle.com/rs?type=doc&id=2764116.1
Oracle API Gateway, version 11.1.2.4.0	https://support.oracle.com/rs?type=doc&id=2749094.1
Oracle Application Express, versions prior to 20.2	https://support.oracle.com/rs?type=doc&id=2749094.1
Oracle Application Testing Suite, version 13.3.0.1	https://support.oracle.com/rs?type=doc&id=2749094.1
Oracle BAM (Business Activity Monitoring), versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0	https://support.oracle.com/rs?type=doc&id=2749094.1
Oracle Banking Platform, versions 2.4.0, 2.6.2, 2.7.0, 2.7.1, 2.8.0, 2.9.0, 2.10.0	https://support.oracle.com/rs?type=doc&id=2763992.1
Oracle Business Intelligence Enterprise Edition, versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0	https://support.oracle.com/rs?type=doc&id=2749094.1
Oracle Cloud Infrastructure Storage Gateway, versions prior to 1.4	https://support.oracle.com
Oracle Coherence, versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0	https://support.oracle.com/rs?type=doc&id=2749094.1
Oracle Commerce Guided Search, versions 11.3.0, 11.3.1, 11.3.2	https://support.oracle.com/rs?type=doc&id=2768282.1
Oracle Commerce Merchandising, versions 0, 11.0.0, 11.1, 11.2.0, 11.3.0, 11.3.1, 11.3.2	https://support.oracle.com/rs?type=doc&id=2768282.1
Oracle Communications Application Session Controller, version 3.9m0p3	https://support.oracle.com/rs?type=doc&id=2766613.1
Oracle Communications Calendar Server, version 8.0	https://support.oracle.com/rs?type=doc&id=2765939.1
Oracle Communications Contacts Server, version 8.0	https://support.oracle.com/rs?type=doc&id=2765941.1
Oracle Communications Converged Application Server – Service Controller, version 6.2	https://support.oracle.com/rs?type=doc&id=2652618.1
Oracle Communications Design Studio, version 7.4.2	https://support.oracle.com/rs?type=doc&id=2765926.1
Oracle Communications Interactive Session Recorder, versions 6.3, 6.4	https://support.oracle.com/rs?type=doc&id=2766616.1
Oracle Communications Messaging Server, versions 8.0.2, 8.1, 8.1.0	https://support.oracle.com/rs?type=doc&id=2765925.1
Oracle Communications MetaSolv Solution, versions 6.3.0, 6.3.1	https://support.oracle.com/rs?type=doc&id=2769144.1
Oracle Communications Performance Intelligence Center Software, versions 10.4.0.2, 10.4.0.3	https://support.oracle.com/rs?type=doc&id=2766633.1
Oracle Communications Services Gatekeeper, versions 6.0, 6.1, 7.0	https://support.oracle.com/rs?type=doc&id=2766634.1
Oracle Communications Session Border Controller, versions Cz8.2, Cz8.3, Cz8.4	https://support.oracle.com/rs?type=doc&id=2739349.1
Oracle Communications Session Router, versions Cz8.2, Cz8.3, Cz8.4	https://support.oracle.com/rs?type=doc&id=2739349.1
Oracle Communications Subscriber-Aware Load Balancer, versions Cz8.2, Cz8.3, Cz8.4	https://support.oracle.com/rs?type=doc&id=2739349.1
Oracle Communications Unified Inventory Management, versions 7.3.4, 7.3.5, 7.4.0, 7.4.1	https://support.oracle.com/rs?type=doc&id=2765938.1
Oracle Communications Unified Session Manager, version SCz8.2.5	https://support.oracle.com/rs?type=doc&id=2766637.1
Oracle Database Server, versions 12.1.0.2, 12.2.0.1, 18c, 19c	https://support.oracle.com/rs?type=doc&id=2749094.1
Oracle E-Business Suite, versions 12.1.1-12.1.3, 12.2.3-12.2.10	https://support.oracle.com/rs?type=doc&id=2759182.1
Oracle Endeca Information Discovery Studio, version 3.2.0.0	https://support.oracle.com/rs?type=doc&id=2749094.1
Oracle Enterprise Communications Broker, versions PCZ3.1, PCZ3.2, PCZ3.3	https://support.oracle.com/rs?type=doc&id=2764238.1
Oracle Enterprise Repository, version 11.1.1.7.0	https://support.oracle.com/rs?type=doc&id=2749094.1
Oracle Enterprise Session Border Controller, versions Cz8.2, Cz8.3, Cz8.4	https://support.oracle.com/rs?type=doc&id=2739350.1
Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.6-8.1.0	https://support.oracle.com/rs?type=doc&id=2763211.1
Oracle FLEXCUBE Direct Banking, versions 12.0.2, 12.0.3	https://support.oracle.com
Oracle FLEXCUBE Private Banking, versions 12.0.0, 12.1.0	https://support.oracle.com
Oracle Fusion Middleware, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0	https://support.oracle.com/rs?type=doc&id=2749094.1
Oracle Fusion Middleware MapViewer, version 12.2.1.4.0	https://support.oracle.com/rs?type=doc&id=2749094.1
Oracle Global Lifecycle Management OPatch, versions prior to 12.2.0.1.22	https://support.oracle.com/rs?type=doc&id=2749094.1
Oracle GraalVM Enterprise Edition, versions 19.3.5, 20.3.1.2, 21.0.0.2	https://support.oracle.com/rs?type=doc&id=2762944.1
Oracle Graph Server and Client	https://support.oracle.com/rs?type=doc&id=2749094.1
Oracle Health Sciences Empirica Signal, versions 9.0, 9.1	https://support.oracle.com/rs?type=doc&id=2760190.1
Oracle Health Sciences Information Manager, versions 3.0.0-3.0.2	https://support.oracle.com/rs?type=doc&id=2760190.1
Oracle Healthcare Foundation, versions 7.1.5, 7.2.2, 7.3.0, 7.3.1, 8.0.1	https://support.oracle.com/rs?type=doc&id=2760190.1
Oracle Hospitality Cruise Shipboard Property Management System, version 20.1.0	https://support.oracle.com/rs?type=doc&id=2758870.1
Oracle Hospitality Inventory Management, version 9.1.0	https://support.oracle.com/rs?type=doc&id=2753194.1
Oracle Hospitality OPERA 5, versions 5.5, 5.6	https://support.oracle.com/rs?type=doc&id=2758188.1
Oracle Hospitality RES 3700, versions 5.7.0-5.7.6	https://support.oracle.com/rs?type=doc&id=2754008.1
Oracle HTTP Server, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0	https://support.oracle.com/rs?type=doc&id=2749094.1
Oracle Identity Manager Connector, version 11.1.1.5.0	https://support.oracle.com/rs?type=doc&id=2749094.1
Oracle iLearning, versions 6.2, 6.3	https://support.oracle.com/rs?type=doc&id=2764116.1
Oracle Insurance Data Gateway, version 1.0.2.3	https://support.oracle.com/rs?type=doc&id=2760529.1
Oracle Java SE, versions 7u291, 8u281, 11.0.10, 16	https://support.oracle.com/rs?type=doc&id=2762944.1
Oracle Java SE Embedded, version 8u281	https://support.oracle.com/rs?type=doc&id=2762944.1
Oracle NoSQL Database, versions prior to 20.3	https://support.oracle.com/rs?type=doc&id=2749094.1
Oracle Outside In Technology, version 8.5.5	https://support.oracle.com/rs?type=doc&id=2749094.1
Oracle Platform Security for Java, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0	https://support.oracle.com/rs?type=doc&id=2749094.1
Oracle Rapid Planning, version 12.1.3	https://support.oracle.com/rs?type=doc&id=2764116.1
Oracle REST Data Services, versions prior to 20.4.3.50.1904	https://support.oracle.com/rs?type=doc&id=2749094.1
Oracle Retail Advanced Inventory Planning, version 14.1	https://support.oracle.com/rs?type=doc&id=2757913.1
Oracle Retail Assortment Planning, version 16.0.3	https://support.oracle.com/rs?type=doc&id=2757913.1
Oracle Retail Back Office, version 14.1	https://support.oracle.com/rs?type=doc&id=2757913.1
Oracle Retail Category Management Planning & Optimization, version 16.0.3	https://support.oracle.com/rs?type=doc&id=2757913.1
Oracle Retail Central Office, version 14.1	https://support.oracle.com/rs?type=doc&id=2757913.1
Oracle Retail EFTLink, versions 15.0.2, 16.0.3, 17.0.2, 18.0.1, 19.0.1, 20.0.0	https://support.oracle.com/rs?type=doc&id=2757913.1
Oracle Retail Insights Cloud Service Suite, version 19.0	https://support.oracle.com/rs?type=doc&id=2757913.1
Oracle Retail Item Planning, version 16.0.3	https://support.oracle.com/rs?type=doc&id=2757913.1
Oracle Retail Macro Space Optimization, version 16.0.3	https://support.oracle.com/rs?type=doc&id=2757913.1
Oracle Retail Merchandise Financial Planning, version 16.0.3	https://support.oracle.com/rs?type=doc&id=2757913.1
Oracle Retail Merchandising System, version 16.0.3	https://support.oracle.com/rs?type=doc&id=2757913.1
Oracle Retail Point-of-Service, version 14.1	https://support.oracle.com/rs?type=doc&id=2757913.1
Oracle Retail Predictive Application Server, versions 14.1, 15.0, 16.0	https://support.oracle.com/rs?type=doc&id=2757913.1
Oracle Retail Regular Price Optimization, version 16.0.3	https://support.oracle.com/rs?type=doc&id=2757913.1
Oracle Retail Replenishment Optimization, version 16.0.3	https://support.oracle.com/rs?type=doc&id=2757913.1
Oracle Retail Returns Management, version 14.1	https://support.oracle.com/rs?type=doc&id=2757913.1
Oracle Retail Sales Audit, version 14.0	https://support.oracle.com/rs?type=doc&id=2757913.1
Oracle Retail Size Profile Optimization, version 16.0.3	https://support.oracle.com/rs?type=doc&id=2757913.1
Oracle Retail Store Inventory Management, versions 14.1.3.10, 15.0.3.5, 16.0.3.5	https://support.oracle.com/rs?type=doc&id=2757913.1
Oracle Retail Xstore Point of Service, versions 15.0.4, 16.0.6, 17.0.4, 18.0.3, 19.0.2	https://support.oracle.com/rs?type=doc&id=2757913.1
Oracle SD-WAN Aware, version 8.2	https://support.oracle.com/rs?type=doc&id=2766632.1
Oracle SD-WAN Edge, versions 8.2, 9.0	https://support.oracle.com/rs?type=doc&id=2766631.1
Oracle Secure Backup	https://support.oracle.com/rs?type=doc&id=2749094.1
Oracle Secure Global Desktop, version 5.6	https://support.oracle.com/rs?type=doc&id=2764185.1
Oracle Security Service, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0	https://support.oracle.com/rs?type=doc&id=2749094.1
Oracle Service Bus, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0	https://support.oracle.com/rs?type=doc&id=2749094.1
Oracle Solaris, versions 10, 11	https://support.oracle.com/rs?type=doc&id=2765282.1
Oracle Spatial Studio, versions prior to 19.1.0, prior to 20.1.1	https://support.oracle.com/rs?type=doc&id=2749094.1
Oracle SQL Developer, versions prior to 20.4.1.407.6	https://support.oracle.com/rs?type=doc&id=2749094.1
Oracle Storage Cloud Software Appliance, versions prior to 16.3.1.4.2	https://support.oracle.com
Oracle TimesTen In-Memory Database	https://support.oracle.com/rs?type=doc&id=2749094.1
Oracle Utilities Framework, versions 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0	https://support.oracle.com/rs?type=doc&id=2760203.1
Oracle VM VirtualBox, versions prior to 6.1.20	https://support.oracle.com/rs?type=doc&id=2764185.1
Oracle WebCenter Portal, versions 12.2.1.3.0, 12.2.1.4.0	https://support.oracle.com/rs?type=doc&id=2749094.1
Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0	https://support.oracle.com/rs?type=doc&id=2749094.1
Oracle WebLogic Server Proxy Plug-In, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0	https://support.oracle.com/rs?type=doc&id=2749094.1
Oracle ZFS Storage Appliance Kit, version 8.8	https://support.oracle.com/rs?type=doc&id=2765282.1
OSS Support Tools, versions prior to 2.12.41	https://support.oracle.com/rs?type=doc&id=2766621.1
PeopleSoft Enterprise CS Campus Community, version 9.2	https://support.oracle.com/rs?type=doc&id=2764116.1
PeopleSoft Enterprise FIN Common Application Objects, version 9.2	https://support.oracle.com/rs?type=doc&id=2764116.1
PeopleSoft Enterprise FIN Expenses, version 9.2	https://support.oracle.com/rs?type=doc&id=2764116.1
PeopleSoft Enterprise PeopleTools, versions 8.56, 8.57, 8.58	https://support.oracle.com/rs?type=doc&id=2764116.1
PeopleSoft Enterprise PT PeopleTools, versions 8.56, 8.57, 8.58	https://support.oracle.com/rs?type=doc&id=2764116.1
PeopleSoft Enterprise SCM eProcurement, version 9.2	https://support.oracle.com/rs?type=doc&id=2764116.1
PeopleSoft Enterprise SCM Purchasing, version 9.2	https://support.oracle.com/rs?type=doc&id=2764116.1
Primavera Gateway, versions 17.12.0-17.12.10	https://support.oracle.com/rs?type=doc&id=2759893.1
Primavera Unifier, versions 16.1, 16.2, 17.7-17.12, 18.8, 19.12, 20.12	https://support.oracle.com/rs?type=doc&id=2759893.1
Siebel Applications, versions 21.2 and prior	https://support.oracle.com/rs?type=doc&id=2764116.1

本安全公告仅用来描述可能存在的安全问题，绿盟科技不为此安全公告提供任何保证或承诺。由于传播、利用此安全公告所提供的信息而造成的任何直接或者间接的后果及损失，均由使用者本人负责，绿盟科技以及安全公告作者不为此承担任何责任。

文章来源: http://blog.nsfocus.net/oracle202104/
如有侵权请联系:admin#unsafe.sh