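Vulnerability Notice | High-Severity Vulnerabilities Disclosed in Multiple Oracle Products
On July 15, Oracle released its quarterly patch update, fixing as many as 433 security vulnerabilities, of which 337 high-severity critical vulnerabilities affect multiple Oracle products. Several of the vulnerabilities have CVSS scores as high as 9.8 and can be exploited remotely without authentication, so the risk is high. Please apply the fixes promptly.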
Category Management Planning & Optimization
versions 15.0.3
Customer Management and Segmentation Foundation
versions 16.0, 17.0, 18.0
Enterprise Manager Base Platform
versions 12.1.0.5, 13.3.0.0, 13.4.0.0
Enterprise Manager for Fusion Middleware
version 12.1.0.5
Enterprise Manager Ops Center
version 12.4.0.0
GoldenGate Stream Analytics
versions prior to 19.1.0.0.1
Hyperion Financial Close Management
version 11.1.2.4
Instantis EnterpriseTrack
versions 17.1-17.3
JD Edwards EnterpriseOne Orchestrator
versions prior to 9.2.4.2
JD Edwards EnterpriseOne Tools
versions prior to 9.2.3.3, prior to 9.2.4.2
MySQL Client
versions 5.6.48 and prior, 5.7.30 and prior, 8.0.20 and prior
MySQL Cluster
versions 7.3.29 and prior, 7.4.28 and prior, 7.5.18 and prior, 7.6.14 and prior, 8.0.20 and prior,
MySQL Connectors
versions 8.0.20 and prior
MySQL Enterprise Monitor
versions 4.0.12 and prior, 8.0.20 and prior
MySQL Server
versions 5.6.48 and prior, 5.7.30 and prior, 8.0.20 and prior
Oracle Agile Engineering Data Management
version 6.2.1.0
Oracle Application Express
versions 5.1-19.2
Oracle Application Testing Suite
versions 13.2.0.1, 13.3.0.1
Oracle AutoVue
version 21.0
Oracle Banking Enterprise Collections
versions 2.7.0-2.9.0
Oracle Banking Payments
versions 14.1.0-14.4.0
Oracle Banking Platform
versions 2.4.0-2.10.0
Oracle Berkeley DB
versions prior to 6.1.38, prior to 18.1.40
Oracle BI Publisher
versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
Oracle Business Intelligence Enterprise Edition
versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
Oracle Business Process Management Suite
versions 12.2.1.3.0, 12.2.1.4.0
Oracle Coherence
versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0,
Oracle Commerce Guided Search / Oracle Commerce Experience Manager
versions 11.0, 11.1, 11.2, prior to 11.3.1
Oracle Commerce Platform
versions 11.1, 11.2, prior to 11.3.1
Oracle Commerce Service Center
versions 11.1, 11.2, prior to 11.3.1
Oracle Communications Analytics
version 12.1.1
Oracle Communications Billing and Revenue Management
versions 7.5.0.23.0, 12.0.0.3.0
Oracle Communications BRM - Elastic Charging Engine
versions 11.3, 12
Oracle Communications Contacts Server
version 8.0.0.4.0
Oracle Communications Convergence
versions 3.0.1.0-3.0.2.1
Oracle Communications Diameter Signaling Router (DSR)
versions 8.0-8.4
Oracle Communications Element Manager
versions 8.1.1, 8.2.0, 8.2.1
Oracle Communications Evolved Communications Application Server
version 7.1
Oracle Communications Instant Messaging Server
version 10.0.1.4.0
Oracle Communications Interactive Session Recorder
versions 6.1-6.4
Oracle Communications IP Service Activator
versions 7.3.0, 7.4.0
Oracle Communications LSMS
versions 13.0-13.3
Oracle Communications Messaging Server
versions 8.0.2, 8.1.0
Oracle Communications MetaSolv Solution
version 6.3.0
Oracle Communications Network Charging and Control
versions 6.0.1, 12.0.0-12.0.3
Oracle Communications Network Integrity
versions 7.3.2-7.3.6
Oracle Communications Operations Monitor
versions 3.4, 4.1-4.3
Oracle Communications Order and Service Management
versions 7.3, 7.4
Oracle Communications Services Gatekeeper
versions 6.0, 6.1, 7
Oracle Communications Session Border Controller
versions 8.1.0, 8.2.0, 8.3.0
Oracle Communications Session Report Manager
versions 8.1.1, 8.2.0, 8.2.1
Oracle Communications Session Route Manager
versions 8.1.1, 8.2.0, 8.2.1
Oracle Configuration Manager
version 12.1.2.0.6
Oracle Configurator
versions 12.1, 12.2
Oracle Data Masking and Subsetting
versions 13.3.0.0, 13.4.0.0
Oracle Database Server
versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c, [Spatial Studio] prior to 19.2.1
Oracle E-Business Suite
versions 12.1.1-12.1.3, 12.2.3-12.2.9
Oracle Endeca Information Discovery Studio
version 3.2.0
Oracle Enterprise Communications Broker
versions 3.0.0-3.2.0
Oracle Enterprise Repository
version 11.1.1.7.0
Oracle Enterprise Session Border Controller
versions 8.1.0, 8.2.0, 8.3.0
Oracle Financial Services Analytical Applications Infrastructure
versions 8.0.6-8.1.0
Oracle Financial Services Compliance Regulatory Reporting
versions 8.0.6-8.0.8
Oracle Financial Services Lending and Leasing
versions 12.5.0, 14.1.0-14.8.0
Oracle Financial Services Liquidity Risk Management
version 8.0.6
Oracle Financial Services Loan Loss Forecasting and Provisioning
versions 8.0.6-8.0.8
Oracle Financial Services Market Risk Measurement and Management
versions 8.0.6, 8.0.8
Oracle Financial Services Regulatory Reporting for De Nederlandsche Bank
version 8.0.4
Oracle FLEXCUBE Investor Servicing
versions 12.1.0, 12.3.0, 12.4.0, 14.0.0, 14.1.0,
Oracle FLEXCUBE Private Banking
versions 12.0.0, 12.1.0
Oracle Fusion Middleware MapViewer
versions 12.2.1.3.0, 12.2.1.4.0
Oracle Global Lifecycle Management/OPatch
versions prior to 12.2.0.1.20
Oracle GoldenGate
versions prior to 19.1.0.0.0
Oracle GraalVM Enterprise Edition
versions 19.3.2, 20.1.0
Oracle Health Sciences Empirica Inspections
version 1.0.1.2
Oracle Health Sciences Empirica Signal
version 7.3.3
Oracle Healthcare Master Person Index
version 4.0.2
Oracle Healthcare Translational Research
versions 3.2.1, 3.3.1, 3.3.2, 3.4.0
Oracle Help Technologies
versions 11.1.1.9.0, 12.2.1.3.0
Oracle Hospitality Guest Access
versions 4.2.0, 4.2.1
Oracle Hospitality Reporting and Analytics
version 9.1.0
Oracle Hyperion BI+
version 11.1.2.4
Oracle iLearning
versions 6.1, 6.1.1
Oracle Insurance Accounting Analyzer
versions 8.0.6-8.0.9
Oracle Insurance Data Gateway
version 1.0
Oracle Insurance Policy Administration J2EE
versions 10.2.0, 10.2.4, 11.0.2, 11.1.0, 11.2.0,
Oracle Insurance Rules Palette
versions 10.2.0, 10.2.4, 11.0.2, 11.1.0, 11.2.0,
Oracle Java SE
versions 7u261, 8u251, 11.0.7, 14.0.1
Oracle Java SE Embedded
version 8u251
Oracle Outside In Technology
versions 8.5.4, 8.5.5
Oracle Rapid Planning
versions 12.1, 12.2
Oracle Real User Experience Insight
version 13.3.1.0
Oracle Retail Assortment Planning
versions 15.0, 15.0.3, 16, 16.0.3
Oracle Retail Bulk Data Integration
versions 15.0, 16
Oracle Retail Customer Management and Segmentation Foundation
version 18.0
Oracle Retail Data Extractor for Merchandising
versions 1.9, 1.1, 18
Oracle Retail Extract Transform and Load
version 19.0
Oracle Retail Financial Integration
versions 15.0, 16
Oracle Retail Fusion Platform
version 5.5
Oracle Retail Integration Bus
versions 15.0, 15.0.3, 16, 16.0.3
Oracle Retail Invoice Matching
version 16.0
Oracle Retail Item Planning
version 15.0.3
Oracle Retail Macro Space Optimization
version 15.0.3
Oracle Retail Merchandise Financial Planning
version 15.0.3
Oracle Retail Merchandising System
versions 15.0.3, 16.0.2, 16.0.3
Oracle Retail Order Broker
version 15.0
Oracle Retail Predictive Application Server
versions 14.0.3, 14.1.3, 15.0.3, 16.0.3
Oracle Retail Regular Price Optimization
versions 15.0.3, 16.0.3
Oracle Retail Replenishment Optimization
version 15.0.3
Oracle Retail Sales Audit
version 14.1
Oracle Retail Service Backbone
versions 14.1, 15, 16
Oracle Retail Size Profile Optimization
version 15.0.3
Oracle Retail Store Inventory Management
versions 14.0.4, 14.1.3, 15.0.3, 16.0.3
Oracle Retail Xstore Point of Service
versions 7.1, 15, 16, 17, 18, 19
Oracle SD-WAN Aware
version 8.2
Oracle SD-WAN Edge
versions 8.2, 9
Oracle Security Service
versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
Oracle Solaris
version 11
Oracle TimesTen In-Memory Database
versions prior to 18.1.2.1.0
Oracle Transportation Management
versions 6.3.7, 6.4.3
Oracle Unified Directory
versions 11.1.2.3.0, 12.2.1.3.0, 12.2.1.4.0
Oracle Utilities Framework
versions 4.3.0.5.0, 4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0
Oracle VM VirtualBox
versions prior to 5.2.44, prior to 6.0.24, prior to 6.1.12
Oracle WebCenter Portal
versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
Oracle WebCenter Sites
versions 12.2.1.3.0, 12.2.1.4.0
Oracle WebLogic Server
versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0,
Oracle ZFS Storage Appliance Kit
version 8.8
PeopleSoft Enterprise FIN Expenses
version 9.2
PeopleSoft Enterprise HCM Global Payroll Switzerland
version 9.2
PeopleSoft Enterprise HRMS
version 9.2
PeopleSoft Enterprise PeopleTools
versions 8.56, 8.57, 8.58
Primavera Gateway
versions 16.2.0-16.2.11, 17.12.0-17.12.7, 18.8.0-18.8.9, 19.12.0-19.12.4
Primavera P6 Enterprise Project Portfolio Management
versions 16.1.0.0-16.2.20.1, 17.1.0.0-17.12.17.1, 18.1.0.0-18.8.19, 19.12.0-19.12.6
Primavera Portfolio Management
versions 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0, 19.0.0.0
Primavera Unifier
versions 16.1, 16.2, 17.7-17.12, 18.8, 19.12, [Mobile App] prior to 20.6
Siebel Applications
versions 2.20.5 and prior, 20.6 and prior
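Oracle Communications Applications
Security patches: 58
Highest CVSS score: 10.0
Remotely exploitable without authentication: 45
Oracle Construction and Engineering
Highest CVSS score: 9.8
Remotely exploitable without authentication: 15
Oracle E-Business Suite
Highest CVSS score: 9.1
Remotely exploitable without authentication: 23
Oracle Enterprise Manager
Highest CVSS score: 9.8
Remotely exploitable without authentication: 10
Oracle Financial Services Applications
Security patches: 38
Highest CVSS score: 9.8
Remotely exploitable without authentication: 26
Oracle Fusion Middleware
Security patches: 53
Highest CVSS score: 9.8
Remotely exploitable without authentication: 49
Oracle JD Edwards
Highest CVSS score: 9.8
Remotely exploitable without authentication: 6
Oracle MySQL
Highest CVSS score: 9.8
Remotely exploitable without authentication: 6
Oracle Retail Applications
Highest CVSS score: 9.8
Remotely exploitable without authentication: 34
Oracle Siebel CRM
Highest CVSS score: 9.8
Remotely exploitable without authentication: 5
Oracle Supply Chain
Highest CVSS score: 9.8
Remotely exploitable without authentication: 18
Oracle Database Server
Highest CVSS score: 8.8
Remotely exploitable without authentication: 1
Oracle GoldenGate
Highest CVSS score: 9.6
Remotely exploitable without authentication: 1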
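Based on the vendor's recommendations, the following remediation is provided. Users should carry out their own impact assessment and back up business files before performing the operation. It is recommended to validate the fix on a test system first and only then patch the production environment.
Install the official patches: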
https://www.oracle.com/security-alerts/cpujul2020.html