On July 21, 2021, NSFOCUS CERT observed that Oracle had published its July Critical Patch Update (CPU) advisory, which fixes 342 vulnerabilities of varying severity. This security update covers many widely used products, including Oracle Database Server, Oracle Java SE, Oracle Fusion Middleware, Oracle MySQL and Oracle Communications. Oracle strongly recommends that customers apply the Critical Patch Update fixes as soon as possible to remediate these vulnerabilities.
This update contains 33 security patches for Oracle Communications Applications; 22 of the vulnerabilities can be exploited remotely without user authentication. The high-risk vulnerabilities are as follows:
This update contains 23 security patches for Oracle Retail Applications; 15 of the vulnerabilities can be exploited remotely without user authentication. The high-risk vulnerabilities are as follows:
| Product | Vulnerabilities | Exploitable remotely without authentication | Highest CVSS score |
| --- | --- | --- | --- |
| Oracle Database Products Risk Matrices | 16 | 1 | 8.3 |
| Oracle Database Server | 16 | 1 | 8.3 |
| Oracle Big Data Graph | 2 | 2 | 8.8 |
| Oracle Essbase | 9 | 8 | 10 |
| Oracle Commerce | 11 | 8 | 9.8 |
| Oracle Communications Applications | 33 | 22 | 9.9 |
| Oracle Communications | 26 | 23 | 9.8 |
| Oracle Construction and Engineering | 10 | 5 | 9.8 |
| Oracle E-Business Suite | 17 | 3 | 9.1 |
| Oracle Enterprise Manager | 8 | 8 | 9.8 |
| Oracle Financial Services Applications | 22 | 17 | 9.9 |
| Oracle Food and Beverage Applications | 6 | 0 | 8.1 |
| Oracle Fusion Middleware | 48 | 35 | 9.9 |
| Oracle Hospitality Applications | 1 | 0 | 5.5 |
| Oracle Hyperion | 6 | 4 | 9.8 |
| Oracle Insurance Applications | 4 | 3 | 8.8 |
| Oracle Java SE | 6 | 5 | 9.8 |
| Oracle JD Edwards | 9 | 8 | 9.8 |
| Oracle MySQL | 41 | 10 | 8.8 |
| Oracle PeopleSoft | 14 | 8 | 9.8 |
| Oracle Policy Automation | 1 | 1 | 9.8 |
| Oracle Retail Applications | 23 | 15 | 9.9 |
| Oracle Siebel CRM | 6 | 4 | 8.1 |
| Oracle Supply Chain | 5 | 5 | 7.5 |
| Oracle Support Tools | 1 | 1 | 6.1 |
| Oracle Systems | 11 | 9 | 9.8 |
| Oracle Virtualization | 6 | 1 | 9.9 |
| Affected products and versions | Available patch |
| --- | --- |
| Big Data Spatial and Graph, versions prior to 2.0, prior to 23.1 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Enterprise Manager Base Platform, version 13.4.0.0 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Essbase, version 21.2 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Essbase Analytic Provider Services, versions 11.1.2.4, 21.2 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers, versions prior to XCP2400, prior to XCP3100 | https://support.oracle.com/rs?type=doc&id=2788472.1 |
| Hyperion Essbase Administration Services, versions 11.1.2.4, 21.2 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Hyperion Financial Reporting, versions 11.1.2.4, 11.2.5.0 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Hyperion Infrastructure Technology, versions 11.1.2.4, 11.2.5.0 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Identity Manager, versions 11.1.2.2.0, 11.1.2.3.0, 12.2.1.3.0, 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3 | https://support.oracle.com/rs?type=doc&id=2783281.1 |
| JD Edwards EnterpriseOne Orchestrator, versions 9.2.5.3 and prior | https://support.oracle.com/rs?type=doc&id=2787996.1 |
| JD Edwards EnterpriseOne Tools, versions 9.2.5.3 and prior | https://support.oracle.com/rs?type=doc&id=2787996.1 |
| MICROS Compact Workstation 3, version 310 | https://support.oracle.com/rs?type=doc&id=2758251.1 |
| MICROS ES400 Series, versions 400-410 | https://support.oracle.com/rs?type=doc&id=2758251.1 |
| MICROS Kitchen Display System Hardware, version 210 | https://support.oracle.com/rs?type=doc&id=2758251.1 |
| MICROS Workstation 5A, version 5A | https://support.oracle.com/rs?type=doc&id=2758251.1 |
| MICROS Workstation 6, versions 610-655 | https://support.oracle.com/rs?type=doc&id=2758251.1 |
| MySQL Cluster, versions 8.0.25 and prior | https://support.oracle.com/rs?type=doc&id=2787955.1 |
| MySQL Connectors, versions 8.0.23 and prior | https://support.oracle.com/rs?type=doc&id=2787955.1 |
| MySQL Enterprise Monitor, versions 8.0.23 and prior | https://support.oracle.com/rs?type=doc&id=2787955.1 |
| MySQL Server, versions 5.7.34 and prior, 8.0.25 and prior | https://support.oracle.com/rs?type=doc&id=2787955.1 |
| Oracle Access Manager, version 11.1.2.3.0 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Oracle Agile Engineering Data Management, version 6.2.1.0 | https://support.oracle.com/rs?type=doc&id=2787997.1 |
| Oracle Agile PLM, versions 9.3.3, 9.3.5, 9.3.6 | https://support.oracle.com/rs?type=doc&id=2787997.1 |
| Oracle Application Express, versions prior to 21.1.0.0.4 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Oracle Application Express (CKEditor), versions prior to 21.1.0.0.1 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Oracle Application Express Application Builder (DOMPurify), versions prior to 21.1.0.0.1 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Oracle Application Testing Suite, version 13.3.0.1 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Oracle BAM (Business Activity Monitoring), versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Oracle Banking Enterprise Default Management, versions 2.10.0, 2.12.0 | https://support.oracle.com/rs?type=doc&id=2787695.1 |
| Oracle Banking Liquidity Management, versions 14.2, 14.3, 14.5 | https://support.oracle.com |
| Oracle Banking Party Management, version 2.7.0 | https://support.oracle.com/rs?type=doc&id=2787695.1 |
| Oracle Banking Platform, versions 2.4.0, 2.7.1, 2.9.0, 2.12.0 | https://support.oracle.com/rs?type=doc&id=2787695.1 |
| Oracle Banking Treasury Management, version 14.4 | https://support.oracle.com |
| Oracle BI Publisher, versions 5.5.0.0.0, 11.1.1.7.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Oracle Business Intelligence Enterprise Edition, version 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Oracle Coherence, versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Oracle Commerce Guided Search, version 11.3.2 | https://support.oracle.com/rs?type=doc&id=2792990.1 |
| Oracle Commerce Guided Search / Oracle Commerce Experience Manager, versions 11.3.1.5, 11.3.2 | https://support.oracle.com/rs?type=doc&id=2792990.1 |
| Oracle Commerce Merchandising, versions 11.1.0, 11.2.0, 11.3.0-11.3.2 | https://support.oracle.com/rs?type=doc&id=2792990.1 |
| Oracle Commerce Platform, versions 11.0.0, 11.1.0, 11.2.0, 11.3.0-11.3.2 | https://support.oracle.com/rs?type=doc&id=2792990.1 |
| Oracle Commerce Service Center, versions 11.0.0, 11.1.0, 11.2.0, 11.3.0-11.3.2 | https://support.oracle.com/rs?type=doc&id=2792990.1 |
| Oracle Communications Application Session Controller, version 3.9 | https://support.oracle.com/rs?type=doc&id=2787241.1 |
| Oracle Communications Billing and Revenue Management, versions 7.5.0.23.0, 12.0.0.3.0 | https://support.oracle.com/rs?type=doc&id=2785183.1 |
| Oracle Communications BRM – Elastic Charging Engine, versions 11.3.0.9.0, 12.0.0.3.0 | https://support.oracle.com/rs?type=doc&id=2785183.1 |
| Oracle Communications Cloud Native Core Console, version 1.4.0 | https://support.oracle.com/rs?type=doc&id=2791671.1 |
| Oracle Communications Cloud Native Core Network Function Cloud Native Environment, versions 1.4.0, 1.7.0 | https://support.oracle.com/rs?type=doc&id=2791656.1 |
| Oracle Communications Cloud Native Core Network Slice Selection Function, version 1.2.1 | https://support.oracle.com/rs?type=doc&id=2791657.1 |
| Oracle Communications Cloud Native Core Policy, versions 1.5.0, 1.9.0 | https://support.oracle.com/rs?type=doc&id=2791658.1 |
| Oracle Communications Cloud Native Core Security Edge Protection Proxy, version 1.7.0 | https://support.oracle.com/rs?type=doc&id=2791680.1 |
| Oracle Communications Cloud Native Core Service Communication Proxy, version 1.5.2 | https://support.oracle.com/rs?type=doc&id=2791682.1 |
| Oracle Communications Cloud Native Core Unified Data Repository, versions 1.4.0, 1.6.0 | https://support.oracle.com/rs?type=doc&id=2791683.1 |
| Oracle Communications Convergent Charging Controller, version 12.0.4.0.0 | https://support.oracle.com/rs?type=doc&id=2790722.1 |
| Oracle Communications Design Studio, version 7.4.2 | https://support.oracle.com/rs?type=doc&id=2789906.1 |
| Oracle Communications Diameter Signaling Router (DSR), versions 8.0.0-8.5.0 | https://support.oracle.com/rs?type=doc&id=2787208.1 |
| Oracle Communications EAGLE Software, versions 46.6.0-46.8.2 | https://support.oracle.com/rs?type=doc&id=2787243.1 |
| Oracle Communications Evolved Communications Application Server, version 7.1 | https://support.oracle.com/rs?type=doc&id=2787205.1 |
| Oracle Communications Instant Messaging Server, version 10.0.1.4.0 | https://support.oracle.com/rs?type=doc&id=2786444.1 |
| Oracle Communications Network Charging and Control, versions 6.0.1.0, 12.0.1.0-12.0.4.0, 12.0.4.0.0 | https://support.oracle.com/rs?type=doc&id=2790722.1 |
| Oracle Communications Offline Mediation Controller, version 12.0.0.3.0 | https://support.oracle.com/rs?type=doc&id=2785182.1 |
| Oracle Communications Pricing Design Center, version 12.0.0.3.0 | https://support.oracle.com/rs?type=doc&id=2785183.1 |
| Oracle Communications Services Gatekeeper, versions 7.0, 8.2 | https://support.oracle.com/rs?type=doc&id=2787242.1 |
| Oracle Communications Unified Inventory Management, versions 7.3.2, 7.3.4, 7.3.5, 7.4.0, 7.4.1 | https://support.oracle.com/rs?type=doc&id=27851890.1 |
| Oracle Configuration Manager, version 12.1.2.0.8 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Oracle Data Integrator, versions 12.2.1.3.0, 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Oracle Database Server, versions 12.1.0.2, 12.2.0.1, 19c | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Oracle E-Business Suite, versions 12.1.1-12.1.3, 12.2.3-12.2.10 | https://support.oracle.com/rs?type=doc&id=2770321.1 |
| Oracle Enterprise Data Quality, versions 12.2.1.3.0, 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Oracle Enterprise Repository, version 11.1.1.7.0 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.6-8.0.9, 8.1.0 | https://support.oracle.com/rs?type=doc&id=2787723.1 |
| Oracle Financial Services Crime and Compliance Investigation Hub, version 20.1.2 | https://support.oracle.com/rs?type=doc&id=2792414.1 |
| Oracle Financial Services Regulatory Reporting with AgileREPORTER, version 8.0.9.6.3 | https://support.oracle.com/rs?type=doc&id=2791194.1 |
| Oracle Financial Services Revenue Management and Billing Analytics, versions 2.7.0, 2.8.0 | https://support.oracle.com/rs?type=doc&id=2787723.1 |
| Oracle FLEXCUBE Private Banking, versions 12.0.0, 12.1.0 | https://support.oracle.com |
| Oracle FLEXCUBE Universal Banking, versions 12.0-12.4, 14.0-14.4.0 | https://support.oracle.com |
| Oracle Fusion Middleware MapViewer, version 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Oracle GoldenGate Application Adapters, version 19.1.0.0.0 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Oracle GraalVM Enterprise Edition, versions 20.3.2, 21.1.0 | https://support.oracle.com/rs?type=doc&id=2787003.1 |
| Oracle Hospitality Reporting and Analytics, version 9.1.0 | https://support.oracle.com/rs?type=doc&id=2780088.1 |
| Oracle Hospitality Suite8, versions 8.13, 8.14 | https://support.oracle.com/rs?type=doc&id=2785669.1 |
| Oracle Hyperion BI+, versions 11.1.2.4, 11.2.5.0 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Oracle Insurance Policy Administration, versions 11.0.2, 11.1.0-11.3.0 | https://support.oracle.com/rs?type=doc&id=2784893.1 |
| Oracle Insurance Policy Administration J2EE, version 11.0.2 | https://support.oracle.com/rs?type=doc&id=2784893.1 |
| Oracle Insurance Rules Palette, versions 11.0.2, 11.1.0-11.3.0 | https://support.oracle.com/rs?type=doc&id=2784893.1 |
| Oracle Java SE, versions 7u301, 8u291, 11.0.11, 16.0.1 | https://support.oracle.com/rs?type=doc&id=2787003.1 |
| Oracle JDeveloper, versions 12.2.1.3.0, 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Oracle JDeveloper and ADF, version 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Oracle Managed File Transfer, versions 12.2.1.3.0, 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Oracle Outside In Technology, version 8.5.5 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Oracle Policy Automation, versions 12.2.0-12.2.22 | https://support.oracle.com/rs?type=doc&id=2782105.1 |
| Oracle Retail Back Office, version 14.1 | https://support.oracle.com/rs?type=doc&id=2783353.1 |
| Oracle Retail Central Office, version 14.1 | https://support.oracle.com/rs?type=doc&id=2783353.1 |
| Oracle Retail Customer Engagement, versions 16.0-19.0 | https://support.oracle.com/rs?type=doc&id=2783353.1 |
| Oracle Retail Customer Management and Segmentation Foundation, versions 16.0-19.0 | https://support.oracle.com/rs?type=doc&id=2783353.1 |
| Oracle Retail Financial Integration, versions 14.1.3.2, 15.0.3.1, 16.0.3.0 | https://support.oracle.com/rs?type=doc&id=2783353.1 |
| Oracle Retail Integration Bus, versions 14.1.3.2, 15.0.3.1, 16.0.3.0 | https://support.oracle.com/rs?type=doc&id=2783353.1 |
| Oracle Retail Merchandising System, versions 14.1.3.2, 15.0.3.1, 16.0.3 | https://support.oracle.com/rs?type=doc&id=2783353.1 |
| Oracle Retail Order Broker, versions 15.0, 16.0 | https://support.oracle.com/rs?type=doc&id=2783353.1 |
| Oracle Retail Order Management System Cloud Service, version 19.5 | https://support.oracle.com/rs?type=doc&id=2783353.1 |
| Oracle Retail Point-of-Service, version 14.1 | https://support.oracle.com/rs?type=doc&id=2783353.1 |
| Oracle Retail Price Management, versions 14.0, 14.1, 15.0, 16.0 | https://support.oracle.com/rs?type=doc&id=2783353.1 |
| Oracle Retail Returns Management, version 14.1 | https://support.oracle.com/rs?type=doc&id=2783353.1 |
| Oracle Retail Service Backbone, versions 14.1.3.2, 15.0.3.1, 16.0.3.0 | https://support.oracle.com/rs?type=doc&id=2783353.1 |
| Oracle Retail Xstore Point of Service, versions 16.0.6, 17.0.4, 18.0.3, 19.0.2, 20.0.1 | https://support.oracle.com/rs?type=doc&id=2783353.1 |
| Oracle SD-WAN Aware, versions 8.2, 9.0 | https://support.oracle.com/rs?type=doc&id=2787244.1 |
| Oracle SD-WAN Edge, versions 8.2, 9.0, 9.1 | https://support.oracle.com/rs?type=doc&id=2787240.1 |
| Oracle Secure Global Desktop, version 5.6 | https://support.oracle.com/rs?type=doc&id=2788251.1 |
| Oracle Solaris, version 11 | https://support.oracle.com/rs?type=doc&id=2788472.1 |
| Oracle Solaris Cluster, version 4.4 | https://support.oracle.com/rs?type=doc&id=2788472.1 |
| Oracle Transportation Management, version 6.4.3 | https://support.oracle.com/rs?type=doc&id=2787997.1 |
| Oracle VM VirtualBox, versions prior to 6.1.24 | https://support.oracle.com/rs?type=doc&id=2788251.1 |
| Oracle WebCenter Portal, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Oracle ZFS Storage Appliance Kit, version 8.8 | https://support.oracle.com/rs?type=doc&id=2788472.1 |
| OSS Support Tools, versions prior to 2.12.41 | https://support.oracle.com/rs?type=doc&id=2787969.1 |
| PeopleSoft Enterprise CS Campus Community, versions 9.0, 9.2 | https://support.oracle.com/rs?type=doc&id=2787995.1 |
| PeopleSoft Enterprise HCM Candidate Gateway, version 9.2 | https://support.oracle.com/rs?type=doc&id=2787995.1 |
| PeopleSoft Enterprise HCM Shared Components, version 9.2 | https://support.oracle.com/rs?type=doc&id=2787995.1 |
| PeopleSoft Enterprise PeopleTools, versions 8.57, 8.58, 8.58.8.59, 8.59 | https://support.oracle.com/rs?type=doc&id=2787995.1 |
| PeopleSoft Enterprise PT PeopleTools, versions 8.57, 8.58, 8.59 | https://support.oracle.com/rs?type=doc&id=2787995.1 |
| Primavera Gateway, versions 17.12.0-17.12.11, 18.8.0-18.8.11, 19.12.0-19.12.10, 20.12.0 | https://support.oracle.com/rs?type=doc&id=2783281.1 |
| Primavera P6 Enterprise Project Portfolio Management, versions 17.12.0-17.12.20, 18.8.0-18.8.23, 19.12.0-19.12.14, 20.12.0-20.12.3 | https://support.oracle.com/rs?type=doc&id=2783281.1 |
| Primavera Unifier, versions 17.7-17.12, 18.8, 19.12, 20.12 | https://support.oracle.com/rs?type=doc&id=2783281.1 |
| Real-Time Decisions (RTD) Solutions, version 3.2.0.0 | https://support.oracle.com/rs?type=doc&id=2773670.1 |
| Siebel Applications, versions 21.5 and prior | https://support.oracle.com/rs?type=doc&id=2787996.1 |
| StorageTek Tape Analytics SW Tool, version 2.3 | https://support.oracle.com/rs?type=doc&id=2788472.1 |
This security advisory is intended only to describe potential security issues; NSFOCUS makes no guarantee or commitment regarding it. Any direct or indirect consequences or losses arising from the dissemination or use of the information in this advisory are the sole responsibility of the user; neither NSFOCUS nor the authors of this advisory accept any liability for them.
NSFOCUS reserves the right to modify and interpret this security advisory. Anyone who reproduces or distributes it must preserve the advisory in its entirety, including the copyright notice and all other content. Without NSFOCUS's permission, the advisory may not be modified, abridged or extended in any way, nor used for any commercial purpose.