Oracle全系产品1月关键补丁更新通告
2022-1-20 10:12:42 Author: blog.nsfocus.net(查看原文) 阅读量:21 收藏

2022年1月19日,绿盟科技CERT监测发现Oracle官方发布了1月关键补丁更新公告CPU(Critical Patch Update),此次共修复了497个不同程度的漏洞,此次安全更新涉及Oracle WebLogic Server、Oracle MySQL、Oracle Java SE、Oracle FusionMiddleware、Oracle Retail Applications等多个常用产品。Oracle强烈建议客户尽快应用关键补丁更新修复程序,对漏洞进行修复。

Oracle WebLogic Server存在远程代码执行漏洞,未经身份验证的攻击者通过T3协议向服务器发送特制的恶意请求,最终导致在目标服务器上执行任意代码。

Oracle WebLogic Server存在信息泄露漏洞,未经身份验证的攻击者通过HTTP协议向受影响的服务器发送特制的请求,可能实现对关键数据的非法访问或对所有Oracle WebLogic Server所有数据的完全访问,造成敏感信息泄露。

此次安全更新针对Oracle MySQL发布了78个安全补丁, 其中的3个漏洞在未经用户身份验证的情况下即可远程进行利用,即无需用户凭据即可通过网络利用。漏洞编号如下:

此次安全更新针对Oracle Financial Services Applications发布了48个安全补丁。其中的37个漏洞在未经用户身份验证的情况下即可远程进行利用。高危漏洞编号如下:

此次安全更新针对Oracle Insurance Applications发布了7个安全补丁。其中的6个漏洞在未经用户身份验证的情况下即可远程进行利用。攻击者可以通过HTTP访问网络发送恶意请求,从而控制产品中的组件进而对关键数据完全访问。严重漏洞编号如下:

此次安全更新针对Oracle Communications Applications发布了33个安全补丁。其中的22个漏洞在未经用户身份验证的情况下即可远程进行利用。高危漏洞如下:

此次安全更新针对Oracle E-Business Suite发布了9个安全补丁。其中的5个漏洞在未经用户身份验证的情况下即可远程进行利用。攻击者可以通过HTTP访问网络,从而破坏套件中的产品,从而对关键数据的未授权访问或对所有套件中产品可访问数据的完全访问。高危漏洞编号如下:

此次安全更新针对Oracle Retail Applications发布了43个安全补丁。其中有34个漏洞在未经用户身份验证的情况下即可远程进行利用。高危漏洞编号如下:

产品漏洞个数未授权远程利用个数最高CVSS评分
Oracle Database Server405.4
Oracle Essbase439.9
Oracle GoldenGate339.4
Oracle Graph Server and Client229.8
Oracle REST Data Services217.5
Oracle Secure Backup229.8
Oracle Commerce668.3
Oracle Communications Applications332210.0
Oracle Communications84509.8
Oracle Construction and Engineering22159.8
Oracle E-Business Suite958.1
Oracle Enterprise Manager769.8
Oracle Financial Services Applications48379.8
Oracle Fusion Middleware39359.8
Oracle Health Sciences Applications888.3
Oracle Hospitality Applications338.3
Oracle HealthCare Applications448.3
Oracle Hyperion118.3
Oracle Insurance Applications769.8
Oracle Java SE18186.5
Oracle JD Edwards107.2
Oracle MySQL7837.5
Oracle PeopleSoft13109.8
Oracle Retail Applications43348.8
Oracle Siebel CRM218.8
Oracle Supply Chain1088.3
Oracle Systems1178.6
Oracle Utilities Applications1379.8
Oracle Virtualization206.5

WebLogic Server提供了名为 weblogic.security.net.ConnectionFilterImpl 的默认连接筛选器,此连接筛选器接受所有传入连接,可通过此连接筛选器配置规则,对T3及T3s协议进行访问控制,详细操作步骤如下:

1. 进入WebLogic控制台,在base_domain的配置页面中,进入“安全”选项卡页面,点击“筛选器”,进入连接筛选器配置。

2. 在连接筛选器中输入:weblogic.security.net.ConnectionFilterImpl,参考以下写法,在连接筛选器规则中配置符合企业实际情况的规则:

3. 保存后若规则未生效,建议重新启动WebLogic服务(重启WebLogic服务会导致业务中断,建议相关人员评估风险后,再进行操作)。以Windows环境为例,重启服务的步骤如下:

进入域所在目录下的bin目录,在Windows系统中运行stopWebLogic.cmd文件终止WebLogic服务,Linux系统中则运行stopWebLogic.sh文件。

受影响产品及版本号可用补丁
Agile Product Lifecycle Management Integration Pack for Oracle E-Business Suite, version 3.6https://support.oracle.com/rs?type=doc&id=2832006.1
Application Performance Management, versions 13.4.1.0, 13.5.1.0https://support.oracle.com/rs?type=doc&id=2817011.1
Big Data Spatial and Graph, versions prior to 23.1https://support.oracle.com/rs?type=doc&id=2817011.1
Enterprise Manager Base Platform, versions 13.4.0.0, 13.5.0.0https://support.oracle.com/rs?type=doc&id=2817011.1
Enterprise Manager Ops Center, version 12.4.0.0https://support.oracle.com/rs?type=doc&id=2817011.1
Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers, versions prior to XCP2410, prior to XCP3110https://support.oracle.com/rs?type=doc&id=2832878.1
Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3https://support.oracle.com/rs?type=doc&id=2829871.1
JD Edwards EnterpriseOne Tools, versions prior to 9.2.6.1https://support.oracle.com/rs?type=doc&id=2832004.1
MySQL Cluster, versions 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, 8.0.27 and priorhttps://support.oracle.com/rs?type=doc&id=2832117.1
MySQL Connectors, versions 8.0.27 and priorhttps://support.oracle.com/rs?type=doc&id=2832117.1
MySQL Server, versions 5.7.36 and prior, 8.0.27 and priorhttps://support.oracle.com/rs?type=doc&id=2832117.1
MySQL Workbench, versions 8.0.27 and priorhttps://support.oracle.com/rs?type=doc&id=2832117.1
Oracle Access Manager, versions 11.1.2.3.0, 12.2.1.3.0, 12.2.1.4.0https://support.oracle.com/rs?type=doc&id=2817011.1
Oracle Agile Engineering Data Management, version 6.2.1.0https://support.oracle.com/rs?type=doc&id=2832006.1
Oracle Agile PLM, versions 9.3.3, 9.3.6https://support.oracle.com/rs?type=doc&id=2832006.1
Oracle Agile PLM MCAD Connector, versions 3.4, 3.6https://support.oracle.com/rs?type=doc&id=2832006.1
Oracle Airlines Data Model, versions 12.1.1.0.0, 12.2.0.1.0https://support.oracle.com/rs?type=doc&id=2833257.1
Oracle Application Express, versions prior to 21.1.4https://support.oracle.com/rs?type=doc&id=2817011.1
Oracle Application Testing Suite, version 13.3.0.1https://support.oracle.com/rs?type=doc&id=2817011.1
Oracle Argus Analytics, versions 8.2.1, 8.2.2, 8.2.3https://support.oracle.com/rs?type=doc&id=2827314.1
Oracle Argus Insight, versions 8.2.1, 8.2.2, 8.2.3https://support.oracle.com/rs?type=doc&id=2827314.1
Oracle Argus Mart, versions 8.2.1, 8.2.2, 8.2.3https://support.oracle.com/rs?type=doc&id=2827314.1
Oracle Argus Safety, versions 8.2.1, 8.2.2, 8.2.3https://support.oracle.com/rs?type=doc&id=2827314.1
Oracle Banking APIs, versions 18.1-18.3, 19.1, 19.2, 20.1, 21.1https://support.oracle.com
Oracle Banking Deposits and Lines of Credit Servicing, version 2.12.0https://support.oracle.com
Oracle Banking Digital Experience, versions 17.2, 18.1-18.3, 19.1, 19.2, 20.1, 21.1https://support.oracle.com
Oracle Banking Enterprise Default Management, versions 2.3.0-2.4.1, 2.6.2, 2.7.0, 2.7.1, 2.10.0, 2.12.0https://support.oracle.com/rs?type=doc&id=2827842.1
Oracle Banking Loans Servicing, version 2.12.0https://support.oracle.com
Oracle Banking Party Management, version 2.7.0https://support.oracle.com/rs?type=doc&id=2827842.1
Oracle Banking Platform, versions 2.3.0-2.4.1, 2.6.2, 2.7.0, 2.7.1https://support.oracle.com/rs?type=doc&id=2827842.1
Oracle BI Publisher, versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0https://support.oracle.com/rs?type=doc&id=2817011.1
Oracle Business Activity Monitoring, versions 12.2.1.4.0, 12.2.1.5.0https://support.oracle.com/rs?type=doc&id=2817011.1
Oracle Business Intelligence Enterprise Edition, versions 5.5.0.0.0, 5.9.0.0.0, 12.2.1.3.0, 12.2.1.4.0https://support.oracle.com/rs?type=doc&id=2817011.1
Oracle Business Process Management Suite, versions 12.2.1.3.0, 12.2.1.4.0https://support.oracle.com/rs?type=doc&id=2817011.1
Oracle Clinical, versions 5.2.1, 5.2.2https://support.oracle.com/rs?type=doc&id=2827314.1
Oracle Commerce Guided Search, version 11.3.2https://support.oracle.com/rs?type=doc&id=2832419.1
Oracle Commerce Platform, versions 11.3.0, 11.3.1, 11.3.2https://support.oracle.com/rs?type=doc&id=2832419.1
Oracle Communications Billing and Revenue Management, versions 12.0.0.3, 12.0.0.4https://support.oracle.com/rs?type=doc&id=2831903.1
Oracle Communications BRM – Elastic Charging Engine, versions 11.3, 12.0https://support.oracle.com/rs?type=doc&id=2831903.1
Oracle Communications Calendar Server, version 8.0.0.5.0https://support.oracle.com/rs?type=doc&id=2831902.1
Oracle Communications Cloud Native Core Automated Test Suite, version 1.8.0https://support.oracle.com/rs?type=doc&id=2833620.1
Oracle Communications Cloud Native Core Binding Support Function, versions 1.9.0, 1.10.0https://support.oracle.com/rs?type=doc&id=2833618.1
Oracle Communications Cloud Native Core Console, version 1.7.0https://support.oracle.com/rs?type=doc&id=2833832.1
Oracle Communications Cloud Native Core Network Function Cloud Native Environment, version 1.9.0https://support.oracle.com/rs?type=doc&id=2833600.1
Oracle Communications Cloud Native Core Network Repository Function, version 1.14.0https://support.oracle.com/rs?type=doc&id=2833598.1
Oracle Communications Cloud Native Core Policy, version 1.14.0https://support.oracle.com/rs?type=doc&id=2833602.1
Oracle Communications Cloud Native Core Security Edge Protection Proxy, versions 1.5.0, 1.6.0, 1.15.0https://support.oracle.com/rs?type=doc&id=2833594.1
Oracle Communications Cloud Native Core Service Communication Proxy, version 1.14.0https://support.oracle.com/rs?type=doc&id=2833601.1
Oracle Communications Cloud Native Core Unified Data Repository, version 1.14.0https://support.oracle.com/rs?type=doc&id=2833596.1
Oracle Communications Contacts Server, version 8.0.0.3.0https://support.oracle.com/rs?type=doc&id=2831902.1
Oracle Communications Convergence, version 3.0.2.2.0https://support.oracle.com/rs?type=doc&id=2831902.1
Oracle Communications Convergent Charging Controller, versions 6.0.1.0.0, 12.0.1.0.0-12.0.4.0.0https://support.oracle.com/rs?type=doc&id=2831885.1
Oracle Communications Data Model, versions 11.3.2.1.0, 11.3.2.2.0, 11.3.2.3.0, 12.1.0.1.0, 12.1.2.0.0https://support.oracle.com/rs?type=doc&id=2833265.1
Oracle Communications Design Studio, versions 7.3.4, 7.3.5, 7.4.0, 7.4.1, 7.4.2https://support.oracle.com/rs?type=doc&id=2831888.1
Oracle Communications Diameter Signaling Router, versions 8.0.0.0-8.5.1.0https://support.oracle.com/rs?type=doc&id=2833215.1
Oracle Communications EAGLE Application Processor, versions 16.1-16.4https://support.oracle.com/rs?type=doc&id=2833619.1
Oracle Communications Instant Messaging Server, version 10.0.1.5.0https://support.oracle.com/rs?type=doc&id=2831902.1
Oracle Communications Interactive Session Recorder, versions 6.3, 6.4https://support.oracle.com/rs?type=doc&id=2833605.1
Oracle Communications Messaging Server, version 8.1https://support.oracle.com/rs?type=doc&id=2831902.1
Oracle Communications Network Charging and Control, versions 6.0.1.0.0, 12.0.1.0.0-12.0.4.0.0https://support.oracle.com/rs?type=doc&id=2831885.1
Oracle Communications Network Integrity, versions 7.3.5, 7.3.6https://support.oracle.com/rs?type=doc&id=2831886.1
Oracle Communications Offline Mediation Controller, version 12.0.0.3https://support.oracle.com/rs?type=doc&id=2831903.1
Oracle Communications Operations Monitor, versions 3.4, 4.2, 4.3, 4.4, 5.0https://support.oracle.com/rs?type=doc&id=2833603.1
Oracle Communications Pricing Design Center, versions 12.0.0.3.0, 12.0.0.4.0https://support.oracle.com/rs?type=doc&id=2831903.1
Oracle Communications Service Broker, version 6.2https://support.oracle.com/rs?type=doc&id=2833617.1
Oracle Communications Services Gatekeeper, version 7.0https://support.oracle.com/rs?type=doc&id=2833211.1
Oracle Communications Session Border Controller, versions 8.2, 8.3, 8.4, 9.0https://support.oracle.com/rs?type=doc&id=2833085.1
Oracle Communications Unified Inventory Management, versions 7.3.0, 7.3.4, 7.3.5, 7.4.0, 7.4.1, 7.4.2, 7.5.0https://support.oracle.com/rs?type=doc&id=2831889.1
Oracle Communications WebRTC Session Controller, versions 7.2.0, 7.2.1https://support.oracle.com/rs?type=doc&id=2833614.1
Oracle Data Integrator, versions 12.2.1.3.0, 12.2.1.4.0https://support.oracle.com/rs?type=doc&id=2817011.1
Oracle Database Server, versions 12.1.0.2, 12.2.0.1, 19c, 21chttps://support.oracle.com/rs?type=doc&id=2817011.1
Oracle Demantra Demand Management, versions 12.2.6-12.2.11https://support.oracle.com/rs?type=doc&id=2832006.1
Oracle E-Business Suite, versions 12.2.3-12.2.11https://support.oracle.com/rs?type=doc&id=2484000.1
Oracle Enterprise Communications Broker, version 3.3https://support.oracle.com/rs?type=doc&id=2833087.1
Oracle Enterprise Data Quality, versions 12.2.1.3.0, 12.2.1.4.0https://support.oracle.com/rs?type=doc&id=2817011.1
Oracle Enterprise Session Border Controller, versions 8.4, 9.0https://support.oracle.com/rs?type=doc&id=2833085.1
Oracle Essbase, versions prior to 11.1.2.4.47, prior to 21.3https://support.oracle.com/rs?type=doc&id=2817011.1
Oracle Essbase Administration Services, versions prior to 11.1.2.4.47https://support.oracle.com/rs?type=doc&id=2817011.1
Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.7-8.1.1https://support.oracle.com/rs?type=doc&id=2825591.1
Oracle Financial Services Behavior Detection Platform, versions 8.0.7, 8.0.8, 8.1.1https://support.oracle.com/rs?type=doc&id=2832147.1
Oracle Financial Services Enterprise Case Management, versions 8.0.7, 8.0.8, 8.1.1https://support.oracle.com/rs?type=doc&id=2832152.1
Oracle Financial Services Foreign Account Tax Compliance Act Management, versions 8.0.7, 8.0.8, 8.1.1https://support.oracle.com
Oracle Financial Services Model Management and Governance, versions 8.0.8-8.1.1https://support.oracle.com/rs?type=doc&id=2825611.1
Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition, versions 8.0.7, 8.0.8https://support.oracle.com/rs?type=doc&id=2833718.1
Oracle FLEXCUBE Investor Servicing, versions 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.4.0, 14.5.0https://support.oracle.com
Oracle FLEXCUBE Private Banking, versions 12.0.0, 12.1.0https://support.oracle.com
Oracle Fusion Middleware, versions 12.2.1.3.0, 12.2.1.4.0https://support.oracle.com/rs?type=doc&id=2817011.1
Oracle Fusion Middleware MapViewer, version 12.2.1.4.0https://support.oracle.com/rs?type=doc&id=2817011.1
Oracle GoldenGate, versions prior to 12.3.0.1, prior to 19.1.0.0.220118, prior to 21.4.0.0.0, prior to 21.5.0.0.220118https://support.oracle.com/rs?type=doc&id=2817011.1
Oracle GraalVM Enterprise Edition, versions 20.3.4, 21.3.0https://support.oracle.com/rs?type=doc&id=2828114.1
Oracle Graph Server and Client, versions prior to 21.4https://support.oracle.com/rs?type=doc&id=2817011.1
Oracle Health Sciences Clinical Development Analytics, version 4.0.1https://support.oracle.com/rs?type=doc&id=2827314.1
Oracle Health Sciences InForm CRF Submit, version 6.2.1https://support.oracle.com/rs?type=doc&id=2827314.1
Oracle Health Sciences Information Manager, versions 3.0.2, 3.0.3https://support.oracle.com/rs?type=doc&id=2827318.1
Oracle Healthcare Data Repository, versions 7.0.2, 8.1.0, 8.1.1https://support.oracle.com/rs?type=doc&id=2827318.1
Oracle Healthcare Foundation, versions 7.3.0.0-7.3.0.2, 8.0.0-8.0.2, 8.1.0-8.1.1https://support.oracle.com/rs?type=doc&id=2827318.1
Oracle Healthcare Translational Research, version 4.1.0https://support.oracle.com/rs?type=doc&id=2827318.1
Oracle Hospitality Cruise Shipboard Property Management System, version 20.1.0https://support.oracle.com/rs?type=doc&id=2824526.1
Oracle Hospitality OPERA 5, version 5.6https://support.oracle.com/rs?type=doc&id=2824790.1
Oracle Hospitality Reporting and Analytics, version 9.1.0https://support.oracle.com/rs?type=doc&id=2825723.1
Oracle Hospitality Suite8, versions 8.10.2, 8.11.0, 8.12.0, 8.13.0, 8.14.0https://support.oracle.com/rs?type=doc&id=2824342.1
Oracle HTTP Server, versions 12.2.1.3.0, 12.2.1.4.0, 12.2.1.5.0https://support.oracle.com/rs?type=doc&id=2817011.1
Oracle Hyperion Infrastructure Technology, version 11.2.7.0https://support.oracle.com/rs?type=doc&id=2817011.1
Oracle iLearning, versions 6.2, 6.3https://support.oracle.com/rs?type=doc&id=2732007.1
Oracle Insurance Data Gateway, versions 11.0.2, 11.1.0, 11.2.7, 11.3.0, 11.3.1https://support.oracle.com/rs?type=doc&id=2832476.1
Oracle Insurance Insbridge Rating and Underwriting, versions 5.2.0, 5.4.0-5.6.0https://support.oracle.com/rs?type=doc&id=2832476.1
Oracle Insurance Policy Administration, versions 11.0.2, 11.1.0, 11.2.7, 11.3.0, 11.3.1https://support.oracle.com/rs?type=doc&id=2832476.1
Oracle Insurance Policy Administration J2EE, versions 10.2.0, 10.2.4, 11.0.2, 11.1.0-11.3.0https://support.oracle.com/rs?type=doc&id=2832476.1
Oracle Insurance Rules Palette, versions 10.2.0, 10.2.4, 11.0.2, 11.1.0-11.3.0, 11.3.1https://support.oracle.com/rs?type=doc&id=2832476.1
Oracle Java SE, versions 7u321, 8u311, 11.0.13, 17.1https://support.oracle.com/rs?type=doc&id=2828114.1
Oracle Managed File Transfer, versions 12.2.1.3.0, 12.2.1.4.0https://support.oracle.com/rs?type=doc&id=2817011.1
Oracle NoSQL Database, versions prior to 21.1.12https://support.oracle.com/rs?type=doc&id=2817011.1
Oracle Policy Automation, versions 12.2.0-12.2.24https://support.oracle.com/rs?type=doc&id=2832841.1
Oracle Product Lifecycle Analytics, version 3.6.1https://support.oracle.com/rs?type=doc&id=2832006.1
Oracle Rapid Planning, versions 12.2.6-12.2.11https://support.oracle.com/rs?type=doc&id=2832006.1
Oracle Real User Experience Insight, versions 13.4.1.0, 13.5.1.0https://support.oracle.com/rs?type=doc&id=2817011.1
Oracle REST Data Services, versions prior to 21.2.4https://support.oracle.com/rs?type=doc&id=2817011.1
Oracle Retail Allocation, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1https://support.oracle.com/rs?type=doc&id=2826068.1
Oracle Retail Analytics, version 21.0.1https://support.oracle.com/rs?type=doc&id=2826068.1
Oracle Retail Assortment Planning, version 16.0.3https://support.oracle.com/rs?type=doc&id=2826068.1
Oracle Retail Back Office, version 14.1https://support.oracle.com/rs?type=doc&id=2826068.1
Oracle Retail Central Office, version 14.1https://support.oracle.com/rs?type=doc&id=2826068.1
Oracle Retail Customer Insights, version 21.0.1https://support.oracle.com/rs?type=doc&id=2826068.1
Oracle Retail Customer Management and Segmentation Foundation, versions 16.0-19.0https://support.oracle.com/rs?type=doc&id=2826068.1
Oracle Retail EFTLink, versions 16.0.3, 17.0.2, 18.0.1, 19.0.1, 20.0.1https://support.oracle.com/rs?type=doc&id=2826068.1
Oracle Retail Extract Transform and Load, version 13.2.8https://support.oracle.com/rs?type=doc&id=2826068.1
Oracle Retail Financial Integration, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1https://support.oracle.com/rs?type=doc&id=2826068.1
Oracle Retail Fiscal Management, version 14.2https://support.oracle.com/rs?type=doc&id=2826068.1
Oracle Retail Integration Bus, versions 14.1.3.0, 14.1.3.2, 15.0.3.1, 16.0.1-16.0.3, 19.0.0, 19.0.1https://support.oracle.com/rs?type=doc&id=2826068.1
Oracle Retail Invoice Matching, versions 15.0.3, 16.0.3https://support.oracle.com/rs?type=doc&id=2826068.1
Oracle Retail Merchandising System, version 19.0.1https://support.oracle.com/rs?type=doc&id=2826068.1
Oracle Retail Order Broker, versions 16.0, 18.0, 19.1https://support.oracle.com/rs?type=doc&id=2826068.1
Oracle Retail Order Management System, version 19.5https://support.oracle.com/rs?type=doc&id=2826068.1
Oracle Retail Point-of-Service, version 14.1https://support.oracle.com/rs?type=doc&id=2826068.1
Oracle Retail Predictive Application Server, versions 14.1.3, 14.1.3.46, 15.0.3, 15.0.3.115, 16.0.3, 16.0.3.240https://support.oracle.com/rs?type=doc&id=2826068.1
Oracle Retail Price Management, versions 13.2, 14.0.4, 14.1, 14.1.3, 15, 15.0.3, 16, 16.0.3https://support.oracle.com/rs?type=doc&id=2826068.1
Oracle Retail Returns Management, version 14.1https://support.oracle.com/rs?type=doc&id=2826068.1
Oracle Retail Service Backbone, versions 14.1.3.0, 14.1.3.2, 15.0.3.1, 16.0.1-16.0.3, 19.0.0, 19.0.1https://support.oracle.com/rs?type=doc&id=2826068.1
Oracle Retail Size Profile Optimization, version 16.0.3https://support.oracle.com/rs?type=doc&id=2826068.1
Oracle Retail Xstore Point of Service, versions 17.0.4, 18.0.3, 19.0.2, 20.0.1https://support.oracle.com/rs?type=doc&id=2826068.1
Oracle SD-WAN Aware, version 8.2https://support.oracle.com/rs?type=doc&id=2833597.1
Oracle SD-WAN Edge, versions 9.0, 9.1https://support.oracle.com/rs?type=doc&id=2833604.1
Oracle Secure Backup, versions prior to 18.1.0.1.0https://support.oracle.com/rs?type=doc&id=2817011.1
Oracle Solaris, versions 10, 11https://support.oracle.com/rs?type=doc&id=2832878.1
Oracle Spatial Studio, versions prior to 21.2.1https://support.oracle.com/rs?type=doc&id=2832117.1
Oracle Thesaurus Management System, versions 5.2.3, 5.3.0, 5.3.1https://support.oracle.com/rs?type=doc&id=2827314.1
Oracle TimesTen In-Memory Database, versions prior to 11.2.2.8.27, prior to 21.1.1.1.0https://support.oracle.com/rs?type=doc&id=2817011.1
Oracle Utilities Framework, versions 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0https://support.oracle.com/rs?type=doc&id=2832617.1
Oracle Utilities Testing Accelerator, versions 6.0.0.1.1, 6.0.0.2.2, 6.0.0.3.1https://support.oracle.com/rs?type=doc&id=2832617.1
Oracle VM VirtualBox, versions prior to 6.1.32https://support.oracle.com/rs?type=doc&id=2833279.1
Oracle WebCenter Portal, versions 12.2.1.3.0, 12.2.1.4.0https://support.oracle.com/rs?type=doc&id=2817011.1
Oracle WebLogic Server, versions 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0https://support.oracle.com/rs?type=doc&id=2817011.1
Oracle ZFS Storage Appliance Kit, version 8.8https://support.oracle.com/rs?type=doc&id=2832878.1
Oracle ZFS Storage Application Integration Engineering Software, version 1.3.3https://support.oracle.com/rs?type=doc&id=2832878.1
OSS Support Tools, versions prior to 2.12.42https://support.oracle.com/rs?type=doc&id=2833277.1
PeopleSoft Enterprise CS SA Integration Pack, versions 9.0, 9.2https://support.oracle.com/rs?type=doc&id=2831970.1
PeopleSoft Enterprise PeopleTools, versions 8.57, 8.58, 8.59https://support.oracle.com/rs?type=doc&id=2831970.1
Primavera Analytics, versions 18.8.3.3, 19.12.11.1, 20.12.12.0https://support.oracle.com/rs?type=doc&id=2829871.1
Primavera Data Warehouse, versions 18.8.3.3, 19.12.11.1, 20.12.12.0https://support.oracle.com/rs?type=doc&id=2829871.1
Primavera Gateway, versions 17.12.0-17.12.11, 18.8.0-18.8.13, 19.12.0-19.12.12, 20.12.0-20.12.7, 21.12.0https://support.oracle.com/rs?type=doc&id=2829871.1
Primavera P6 Enterprise Project Portfolio Management, versions 17.12.0.0-17.12.20.0, 18.8.0.0-18.8.24.0, 19.12.0.0-19.12.18.0, 20.12.0.0-20.12.12.0, 21.12.0.0https://support.oracle.com/rs?type=doc&id=2829871.1
Primavera P6 Professional Project Management, versions 17.12.0.0-17.12.20.0, 18.8.0.0-18.8.24.0, 19.12.0.0-19.12.17.0, 20.12.0.0-20.12.9.0https://support.oracle.com/rs?type=doc&id=2829871.1
Primavera Portfolio Management, versions 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2, 20.0.0.0, 20.0.0.1https://support.oracle.com/rs?type=doc&id=2829871.1
Primavera Unifier, versions 17.7-17.12, 18.8, 19.12, 20.12, 21.12https://support.oracle.com/rs?type=doc&id=2829871.1
Siebel Applications, versions 21.11 and priorhttps://support.oracle.com/rs?type=doc&id=2832003.1

本安全公告仅用来描述可能存在的安全问题,绿盟科技不为此安全公告提供任何保证或承诺。由于传播、利用此安全公告所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,绿盟科技以及安全公告作者不为此承担任何责任。

绿盟科技拥有对此安全公告的修改和解释权。如欲转载或传播此安全公告,必须保证此安全公告的完整性,包括版权声明等全部内容。未经绿盟科技允许,不得任意修改或者增减此安全公告内容,不得以任何方式将其用于商业目的。


文章来源: http://blog.nsfocus.net/oracle202201/
如有侵权请联系:admin#unsafe.sh