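I. Overview
On April 20, 2022, NSFOCUS CERT observed that Oracle had released its April Critical Patch Update (CPU) advisory, which fixes 520 vulnerabilities of varying severity. The update covers many widely used products, including Oracle WebLogic Server, Oracle MySQL, Oracle Java SE, Oracle Fusion Middleware and Oracle Retail Applications. Oracle strongly recommends that customers apply the Critical Patch Update fixes as soon as possible to remediate these vulnerabilities.
Reference: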
https://www.oracle.com/security-alerts/cpuapr2022.html
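II. Key Vulnerabilities
The following vulnerabilities were selected from this update based on product popularity and vulnerability severity; affected users should pay particular attention to them:
Oracle WebLogic Server remote code execution vulnerability (CVE-2022-23305):
Oracle WebLogic Server includes the third-party dependency "Apache Log4j". An unauthenticated attacker can send a malicious request over HTTP to an affected server and ultimately execute arbitrary code on the target server. The CVSS score is 9.8.
Oracle Coherence remote code execution vulnerability (CVE-2022-21420):
Oracle Coherence contains a remote code execution vulnerability. An unauthenticated attacker can compromise Oracle Coherence by sending a malicious request over the T3 protocol to an affected server, ultimately executing arbitrary code on the target server. The CVSS score is 9.8. Products that use the Oracle Coherence library are affected by this vulnerability; the library is integrated by default in the installation packages of WebLogic Server 11g Release (10.3.4) and later.
Oracle WebLogic Server denial-of-service vulnerability (CVE-2022-21441):
Oracle WebLogic Server contains a denial-of-service vulnerability. An unauthenticated attacker can send a malicious request over the T3/IIOP protocols to an affected server, which may cause Oracle WebLogic Server to hang or crash, resulting in a denial of service.
Oracle WebLogic Server denial-of-service vulnerability (CVE-2022-23437):
Oracle WebLogic Server includes the third-party tool "Apache Xerces-J". An unauthenticated attacker can send a malicious request over HTTP to an affected server, which may cause Oracle WebLogic Server to hang or crash, resulting in a denial of service. This vulnerability requires interaction with the victim.
Oracle WebLogic Server authentication bypass vulnerability (CVE-2022-21453/CVE-2021-41184):
Oracle WebLogic Server contains an authentication vulnerability. An unauthenticated attacker can send a malicious request over HTTP to an affected server to gain unauthorized access to, or perform unauthorized insert, delete and update operations on, some data accessible to Oracle WebLogic Server, as well as unauthorized access to a subset of the data accessible to Oracle WebLogic Server. This attack requires interaction with the victim. In addition, the vulnerability may affect other products.
Multiple vulnerabilities in Oracle MySQL:
This security update includes 43 security patches for Oracle MySQL. 11 of these vulnerabilities can be exploited remotely without authentication, that is, over the network without user credentials. The high-risk vulnerabilities are: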
CVE-2022-23305
CVE-2022-22965
CVE-2022-0778
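Multiple vulnerabilities in Oracle Financial Services Applications:
This security update includes 41 security patches for Oracle Financial Services Applications. 19 of these vulnerabilities can be exploited remotely without authentication. The high-risk vulnerabilities are: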
CVE-2022-22965
CVE-2022-23305
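Multiple vulnerabilities in Oracle Insurance Applications:
This security update includes 7 security patches for Oracle Insurance Applications. 5 of these vulnerabilities can be exploited remotely without authentication. An attacker with network access via HTTP can send malicious requests to take control of components in the product and gain full access to critical data. The high-risk vulnerabilities are: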
CVE-2021-2351
CVE-2021-36090
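Multiple vulnerabilities in Oracle Communications:
This security update includes 39 security patches for Oracle Communications. 22 of these vulnerabilities can be exploited remotely without authentication. The high-risk vulnerabilities are: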
CVE-2022-21431
CVE-2022-23305
CVE-2022-23990
CVE-2022-23305
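Multiple vulnerabilities in Oracle Communications Applications:
This security update includes 33 security patches for Oracle Communications Applications. 22 of these vulnerabilities can be exploited remotely without authentication. The high-risk vulnerabilities are: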
CVE-2022-21431
CVE-2022-23305
CVE-2022-23990
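Multiple vulnerabilities in Oracle E-Business Suite:
This security update includes 5 security patches for Oracle E-Business Suite. 2 of these vulnerabilities can be exploited remotely without authentication. The high-risk vulnerabilities are: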
CVE-2022-23305
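Multiple vulnerabilities in Oracle Retail Applications:
This security update includes 43 security patches for Oracle Retail Applications. 34 of these vulnerabilities can be exploited remotely without authentication. The high-risk vulnerabilities are: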
CVE-2022-22965
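The vulnerabilities in Oracle's April Critical Patch Update are summarized below:
Product | Number of vulnerabilities | Remotely exploitable without authentication | Highest CVSS score |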
Oracle Database Products Risk Matrices | 5 | 0 | 7.2 |
Oracle Database Server | 5 | 0 | 7.2 |
Oracle Autonomous Health Framework | 1 | 0 | 7.8 |
Oracle Blockchain Platform | 15 | 14 | 9.8 |
Oracle GoldenGate | 5 | 4 | 9.1 |
Oracle REST Data Services | 1 | 0 | 4.2 |
Oracle SQL Developer | 2 | 1 | 6.6 |
Oracle Commerce | 7 | 3 | 8.8 |
Oracle Communications Applications | 39 | 22 | 10 |
Oracle Communications | 149 | 98 | 10 |
Oracle Construction and Engineering | 3 | 1 | 7.6 |
Oracle E-Business Suite | 5 | 2 | 9.8 |
Oracle Enterprise Manager | 10 | 7 | 9.8 |
Oracle Financial Services Applications | 41 | 19 | 9.8 |
Oracle Fusion Middleware | 54 | 41 | 9.8 |
Oracle Health Sciences Applications | 3 | 1 | 9.8 |
Oracle HealthCare Applications | 10 | 5 | 9.8 |
Oracle Hospitality Applications | 6 | 2 | 8.8 |
Oracle Hyperion | 12 | 4 | 9.8 |
Oracle iLearning | 1 | 1 | 6.5 |
Oracle Insurance Applications | 7 | 5 | 8.3 |
Oracle Java SE | 7 | 7 | 7.5 |
Oracle JD Edwards | 8 | 8 | 9.8 |
Oracle MySQL | 43 | 11 | 9.8 |
Oracle PeopleSoft | 14 | 8 | 8.8 |
Oracle Retail Applications | 30 | 15 | 9.8 |
Oracle Supply Chain | 11 | 5 | 9.8 |
Oracle Support Tools | 3 | 1 | 6.5 |
Oracle Systems | 20 | 14 | 9.8 |
Oracle Taleo | 1 | 0 | 6.6 |
Oracle Utilities Applications | 1 | 0 | 6.6 |
Oracle Virtualization | 6 | 1 | 9 |
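III. Mitigation
3.1 Patch updates
Refer to the appendix "Affected products and patch information" in this advisory, download the update patches for the affected products promptly, and install them according to the readme file in the patch package to ensure long-term, effective protection.
Note: Oracle's official patches require a licensed account for the genuine software. After logging in to https://support.oracle.com with that account, you can download the latest patches.
3.2 WebLogic temporary mitigation
If you cannot install the patches for the time being, or do not use the T3 protocol for JVM communication, the following measures can block attacks that exploit T3 protocol vulnerabilities:
WebLogic Server provides a default connection filter named weblogic.security.net.ConnectionFilterImpl. This connection filter accepts all incoming connections; rules can be configured through it to control access over the T3 and T3s protocols. The detailed steps are as follows:
1. Log in to the WebLogic console. On the configuration page for base_domain, open the "Security" tab and click "Filter" to open the connection filter configuration.
2. In the connection filter field, enter weblogic.security.net.ConnectionFilterImpl, then, following the syntax below, configure rules in the connection filter rules field that match your organization's environment:
3. If the rules do not take effect after saving, restarting the WebLogic service is recommended (restarting the WebLogic service interrupts business services, so assess the risk before proceeding). Taking a Windows environment as an example, the restart steps are as follows:
Go to the bin directory under the domain directory. On Windows, run stopWebLogic.cmd to stop the WebLogic service; on Linux, run stopWebLogic.sh.
After the stop script has finished, run startWebLogic.cmd or startWebLogic.sh to start WebLogic, which completes the restart of the WebLogic service.
Reference: https://docs.oracle.com/cd/E24329_01/web.1211/e24485/con_filtr.htm#SCPRG37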
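A simplified model of how rules entered in step 2 are evaluated, added here as an example (it is not code from this advisory or from Oracle). It follows the console rule format `target localAddress localPort action protocols` and the first-match, default-permit evaluation described in the Oracle connection filter documentation linked above. Assumptions: targets are IPv4 addresses with an optional netmask only, and every address, port and rule set is constructed for illustration.

```python
import ipaddress

def parse_rules(text):
    """Parse rules in the console format:
    target localAddress localPort action [protocol ...]"""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # '#' starts a comment
        if not line:
            continue
        tok = line.split()
        if len(tok) < 4 or tok[3] not in ("allow", "deny"):
            raise ValueError(f"malformed rule: {raw!r}")
        rules.append({
            # Simplification: IPv4 address with optional netmask only
            # (host names and "*.domain" targets are not modelled).
            "target": ipaddress.ip_network(tok[0], strict=False),
            "local_addr": tok[1],
            "local_port": tok[2],
            "action": tok[3],
            "protocols": {p.lower() for p in tok[4:]},  # empty = every protocol
        })
    return rules

def decide(rules, remote_ip, local_ip, local_port, protocol):
    """Return 'allow' or 'deny' for one incoming connection."""
    remote = ipaddress.ip_address(remote_ip)
    for r in rules:                                   # evaluated in written order
        if remote not in r["target"]:
            continue
        if r["local_addr"] not in ("*", local_ip):
            continue
        if r["local_port"] not in ("*", str(local_port)):
            continue
        if r["protocols"] and protocol.lower() not in r["protocols"]:
            continue
        return r["action"]                            # first matching rule wins
    return "allow"                                    # no match: connection is permitted

# Constructed rule sets (documentation address ranges, not real hosts).
ALLOW_ONLY = """
127.0.0.1 * * allow t3 t3s
192.0.2.0/255.255.255.0 * * allow t3 t3s   # constructed admin subnet
"""
# Same allow list, closed with a catch-all deny for T3/T3s.
WITH_FINAL_DENY = ALLOW_ONLY + "0.0.0.0/0 * * deny t3 t3s\n"
# Same rules with the deny written first: it shadows every allow.
DENY_FIRST = "0.0.0.0/0 * * deny t3 t3s\n" + ALLOW_ONLY

PROBES = [  # (remote address, protocol), all constructed
    ("127.0.0.1", "t3"),
    ("192.0.2.15", "t3s"),
    ("203.0.113.7", "t3"),
    ("203.0.113.7", "http"),
]

def audit(rule_text, server_ip="198.51.100.10", port=7001):
    """Evaluate every probe against a rule set; returns {probe: verdict}."""
    rules = parse_rules(rule_text)
    return {p: decide(rules, p[0], server_ip, port, p[1]) for p in PROBES}

if __name__ == "__main__":
    for name, text in [("ALLOW_ONLY", ALLOW_ONLY),
                       ("WITH_FINAL_DENY", WITH_FINAL_DENY),
                       ("DENY_FIRST", DENY_FIRST)]:
        print(name)
        for probe, verdict in audit(text).items():
            print(f"  {probe[0]:<13} {probe[1]:<5} -> {verdict}")
```

An allow list with no closing deny leaves T3 reachable from any address, and a deny written ahead of the allow rules locks out the trusted hosts as well; HTTP traffic is unaffected in all three rule sets because the rules name only t3 and t3s.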
Appendix: Affected products and patch information
Affected product and version | Available patch |
Engineered Systems Utilities, versions 12.1.0.2, 19c, 21c | https://support.oracle.com/rs?type=doc&id=2844795.1 |
Enterprise Manager Base Platform, versions 13.4.0.0, 13.5.0.0 | https://support.oracle.com/rs?type=doc&id=2844807.1 |
Enterprise Manager for Peoplesoft, versions 13.4.1.1, 13.5.1.1 | https://support.oracle.com/rs?type=doc&id=2844807.1 |
Enterprise Manager for Storage Management, version 13.4.0.0 | https://support.oracle.com/rs?type=doc&id=2844807.1 |
Enterprise Manager Ops Center, version 12.4.0.0 | https://support.oracle.com/rs?type=doc&id=2844807.1 |
Helidon, versions 1.4.7, 1.4.10, 2.0.0-RC1 | https://support.oracle.com/rs?type=doc&id=2645279.1 |
Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3 | https://support.oracle.com/rs?type=doc&id=2856639.1 |
JD Edwards EnterpriseOne Tools, versions prior to 9.2.6.3 | https://support.oracle.com/rs?type=doc&id=2858978.1 |
JD Edwards World Security, version A9.4 | https://support.oracle.com/rs?type=doc&id=2858978.1 |
Management Cloud Engine, versions 1.5.0 and prior | https://support.oracle.com/rs?type=doc&id=2859067.1 |
Middleware Common Libraries and Tools, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | https://support.oracle.com/rs?type=doc&id=2853458.2 |
MySQL Cluster, versions 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior, 8.0.28 and prior | https://support.oracle.com/rs?type=doc&id=2856097.1 |
MySQL Connectors, versions 8.0.28 and prior | https://support.oracle.com/rs?type=doc&id=2856097.1 |
MySQL Enterprise Monitor, versions 8.0.29 and prior | https://support.oracle.com/rs?type=doc&id=2856097.1 |
MySQL Server, versions 5.7.37 and prior, 8.0.28 and prior | https://support.oracle.com/rs?type=doc&id=2856097.1 |
MySQL Workbench, versions 8.0.28 and prior | https://support.oracle.com/rs?type=doc&id=2856097.1 |
Oracle Advanced Supply Chain Planning, versions 12.1, 12.2 | https://support.oracle.com/rs?type=doc&id=2858979.1 |
Oracle Agile Engineering Data Management, version 6.2.1.0 | https://support.oracle.com/rs?type=doc&id=2858979.1 |
Oracle Agile PLM, version 9.3.6 | https://support.oracle.com/rs?type=doc&id=2858979.1 |
Oracle Agile PLM MCAD Connector, version 3.6 | https://support.oracle.com/rs?type=doc&id=2858979.1 |
Oracle Application Express, versions prior to 22.1 | https://support.oracle.com/rs?type=doc&id=2844795.1 |
Oracle Application Testing Suite, version 13.3.0.1 | https://support.oracle.com/rs?type=doc&id=2844807.1 |
Oracle Autovue for Agile Product Lifecycle Management, version 21.0.2 | https://support.oracle.com/rs?type=doc&id=2858979.1 |
Oracle Banking Deposits and Lines of Credit Servicing, version 2.12.0 | https://support.oracle.com |
Oracle Banking Enterprise Default Management, versions 2.7.1, 2.10.0, 2.12.0 | https://support.oracle.com/rs?type=doc&id=2861653.1 |
Oracle Banking Loans Servicing, version 2.12.0 | https://support.oracle.com |
Oracle Banking Party Management, version 2.7.0 | https://support.oracle.com/rs?type=doc&id=2861653.1 |
Oracle Banking Payments, version 14.5 | https://support.oracle.com |
Oracle Banking Platform, versions 2.6.2, 2.7.1, 2.12.0 | https://support.oracle.com/rs?type=doc&id=2861653.1 |
Oracle Banking Trade Finance, version 14.5 | https://support.oracle.com |
Oracle Banking Treasury Management, version 14.5 | https://support.oracle.com |
Oracle Blockchain Platform, versions prior to 21.1.2 | https://support.oracle.com/rs?type=doc&id=2844795.1 |
Oracle Business Intelligence Enterprise Edition, versions 5.5.0.0.0, 5.9.0.0.0, 12.2.1.3.0, 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2853459.2 |
Oracle Business Process Management Suite, versions 12.2.1.3.0, 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2853458.2 |
Oracle Coherence, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | https://support.oracle.com/rs?type=doc&id=2853458.2 |
Oracle Commerce Guided Search, version 11.3.2 | https://support.oracle.com/rs?type=doc&id=2859309.1 |
Oracle Communications ASAP, version 7.3 | https://support.oracle.com/rs?type=doc&id=2856716.1 |
Oracle Communications Billing and Revenue Management, versions 12.0.0.4, 12.0.0.5 | https://support.oracle.com/rs?type=doc&id=2856675.1 |
Oracle Communications Cloud Native Core Automated Test Suite, versions 1.8.0, 1.9.0, 22.1.0 | https://support.oracle.com/rs?type=doc&id=2859046.1 |
Oracle Communications Cloud Native Core Binding Support Function, version 1.11.0 | https://support.oracle.com/rs?type=doc&id=2859047.1 |
Oracle Communications Cloud Native Core Console, versions 1.9.0, 22.1.0 | https://support.oracle.com/rs?type=doc&id=2859048.1 |
Oracle Communications Cloud Native Core Network Exposure Function, version 22.1.0 | https://support.oracle.com/rs?type=doc&id=2863903.1 |
Oracle Communications Cloud Native Core Network Function Cloud Native Environment, versions 1.10.0, 22.1.0 | https://support.oracle.com/rs?type=doc&id=2861795.1 |
Oracle Communications Cloud Native Core Network Repository Function, versions 1.15.0, 1.15.1, 22.1.0 | https://support.oracle.com/rs?type=doc&id=2861796.1 |
Oracle Communications Cloud Native Core Network Slice Selection Function, versions 1.8.0, 22.1.0 | https://support.oracle.com/rs?type=doc&id=2861807.1 |
Oracle Communications Cloud Native Core Policy, versions 1.14.0, 1.15.0, 22.1.0 | https://support.oracle.com/rs?type=doc&id=2859049.1 |
Oracle Communications Cloud Native Core Security Edge Protection Proxy, versions 1.7.0, 22.1.0 | https://support.oracle.com/rs?type=doc&id=2859050.1 |
Oracle Communications Cloud Native Core Service Communication Proxy, version 1.15.0 | https://support.oracle.com/rs?type=doc&id=2859052.1 |
Oracle Communications Cloud Native Core Unified Data Repository, versions 1.15.0, 22.1.0 | https://support.oracle.com/rs?type=doc&id=2859053.1 |
Oracle Communications Contacts Server, version 8.0.0.6.0 | https://support.oracle.com/rs?type=doc&id=2856674.1 |
Oracle Communications Convergence, versions 3.0.2.2, 3.0.3.0 | https://support.oracle.com/rs?type=doc&id=2856674.1 |
Oracle Communications Convergent Charging Controller, versions 6.0.1.0.0, 12.0.1.0.0-12.0.4.0.0 | https://support.oracle.com/rs?type=doc&id=2856694.1 |
Oracle Communications Design Studio, versions 7.3.5, 7.4.0-7.4.2 | https://support.oracle.com/rs?type=doc&id=2856707.1 |
Oracle Communications Diameter Intelligence Hub, versions 8.0.0-8.2.3 | https://support.oracle.com/rs?type=doc&id=2859054.1 |
Oracle Communications Diameter Signaling Router, version 8.4.0.0 | https://support.oracle.com/rs?type=doc&id=2859055.1 |
Oracle Communications EAGLE Application Processor | https://support.oracle.com/rs?type=doc&id=2861811.1 |
Oracle Communications EAGLE Element Management System, version 46.6 | https://support.oracle.com/rs?type=doc&id=2859068.1 |
Oracle Communications EAGLE FTP Table Base Retrieval, version 4.5 | https://support.oracle.com/rs?type=doc&id=2861832.1 |
Oracle Communications EAGLE LNP Application Processor, versions 10.1, 10.2 | https://support.oracle.com/rs?type=doc&id=2861828.1 |
Oracle Communications EAGLE Software, versions 46.7.0, 46.8.0-46.8.2, 46.9.1-46.9.3 | https://support.oracle.com/rs?type=doc&id=2861808.1 |
Oracle Communications Element Manager, versions prior to 9.0 | https://support.oracle.com/rs?type=doc&id=2859056.1 |
Oracle Communications Evolved Communications Application Server, version 7.1 | https://support.oracle.com/rs?type=doc&id=2859057.1 |
Oracle Communications Instant Messaging Server, version 10.0.1.5.0 | https://support.oracle.com/rs?type=doc&id=2856674.1 |
Oracle Communications Interactive Session Recorder, version 6.4 | https://support.oracle.com/rs?type=doc&id=2859058.1 |
Oracle Communications IP Service Activator, version 7.4.0 | https://support.oracle.com/rs?type=doc&id=2856708.1 |
Oracle Communications Messaging Server, version 8.1 | https://support.oracle.com/rs?type=doc&id=2856674.1 |
Oracle Communications MetaSolv Solution, version 6.3.1 | https://support.oracle.com/rs?type=doc&id=2856717.1 |
Oracle Communications Network Charging and Control, versions 6.0.1.0.0, 12.0.1.0.0-12.0.4.0.0 | https://support.oracle.com/rs?type=doc&id=2856694.1 |
Oracle Communications Network Integrity, versions 7.3.2, 7.3.5, 7.3.6 | https://support.oracle.com/rs?type=doc&id=2856673.1 |
Oracle Communications Operations Monitor, versions 4.3, 4.4, 5.0 | https://support.oracle.com/rs?type=doc&id=2859059.1 |
Oracle Communications Order and Service Management, versions 7.3, 7.4 | https://support.oracle.com/rs?type=doc&id=2856706.1 |
Oracle Communications Performance Intelligence Center (PIC) Software, versions 10.3.0.0.0-10.3.0.2.1, 10.4.0.1.0-10.4.0.3.1 | https://support.oracle.com/rs?type=doc&id=2859060.1 |
Oracle Communications Policy Management, versions 12.5.0.0.0, 12.6.0.0.0 | https://support.oracle.com/rs?type=doc&id=2859061.1 |
Oracle Communications Pricing Design Center, versions 12.0.0.4, 12.0.0.5 | https://support.oracle.com/rs?type=doc&id=2856675.1 |
Oracle Communications Services Gatekeeper, version 7.0.0.0.0 | https://support.oracle.com/rs?type=doc&id=2859062.1 |
Oracle Communications Session Border Controller, versions 8.4, 9.0 | https://support.oracle.com/rs?type=doc&id=2858583.1 |
Oracle Communications Session Report Manager, versions prior to 9.0 | https://support.oracle.com/rs?type=doc&id=2859063.1 |
Oracle Communications Session Route Manager, versions prior to 9.0 | https://support.oracle.com/rs?type=doc&id=2859064.1 |
Oracle Communications Unified Inventory Management, versions 7.4.1, 7.4.2 | https://support.oracle.com/rs?type=doc&id=2856709.1 |
Oracle Communications Unified Session Manager, versions 8.2.5, 8.4.5 | https://support.oracle.com/rs?type=doc&id=2858584.1 |
Oracle Communications User Data Repository, version 12.4 | https://support.oracle.com/rs?type=doc&id=2862337.1 |
Oracle Communications WebRTC Session Controller, version 7.2.1 | https://support.oracle.com/rs?type=doc&id=2861922.1 |
Oracle Data Integrator, versions 12.2.1.3.0, 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2853458.2 |
Oracle Database Server, versions 12.1.0.2, 19c, 21c | https://support.oracle.com/rs?type=doc&id=2844795.1 |
Oracle Documaker, versions 12.6.0, 12.6.2-12.6.4, 12.7.0 | https://support.oracle.com/rs?type=doc&id=2857284.1 |
Oracle E-Business Suite, versions 12.2.4-12.2.11, [EBS Cloud Manager and Backup Module] prior to 22.1.1.1, [Enterprise Command Center] 7.0, [Enterprise Information Discovery] 7-9 | https://support.oracle.com/rs?type=doc&id=2484000.1 |
Oracle Enterprise Communications Broker, versions 3.2, 3.3 | https://support.oracle.com/rs?type=doc&id=2858599.1 |
Oracle Enterprise Session Border Controller, versions 8.4, 9.0 | https://support.oracle.com/rs?type=doc&id=2858583.1 |
Oracle Ethernet Switch ES1-24, version 1.3.1 | https://support.oracle.com/rs?type=doc&id=2857179.1 |
Oracle Ethernet Switch TOR-72, version 1.2.2 | https://support.oracle.com/rs?type=doc&id=2857179.1 |
Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.6.0-8.0.9.0, 8.1.0.0-8.1.2.0 | https://support.oracle.com/rs?type=doc&id=2856189.1 |
Oracle Financial Services Behavior Detection Platform, versions 8.0.6.0-8.0.8.0, 8.1.1.0, 8.1.1.1, 8.1.2.0 | https://support.oracle.com/rs?type=doc&id=2863604.1 |
Oracle Financial Services Enterprise Case Management, versions 8.0.7.1, 8.0.7.2, 8.0.8.0, 8.0.8.1, 8.1.1.0, 8.1.1.1, 8.1.2.0 | https://support.oracle.com/rs?type=doc&id=2856550.1 |
Oracle Financial Services Revenue Management and Billing, versions 2.7.0.0, 2.7.0.1, 2.8.0.0 | https://support.oracle.com/rs?type=doc&id=2860692.1 |
Oracle FLEXCUBE Universal Banking, versions 11.83.3, 12.1-12.4, 14.0-14.3, 14.5 | https://support.oracle.com |
Oracle Global Lifecycle Management OPatch | https://support.oracle.com/rs?type=doc&id=2853458.2 |
Oracle GoldenGate, versions prior to 12.3.0.1.2, prior to 23.1 | https://support.oracle.com/rs?type=doc&id=2844795.1 |
Oracle GoldenGate Application Adapters, versions prior to 23.1 | https://support.oracle.com/rs?type=doc&id=2844795.1 |
Oracle GoldenGate Big Data and Application Adapters, versions prior to 23.1 | https://support.oracle.com/rs?type=doc&id=2844795.1 |
Oracle GraalVM Enterprise Edition, versions 20.3.5, 21.3.1, 22.0.0.2 | https://support.oracle.com/rs?type=doc&id=2855980.1 |
Oracle Health Sciences Empirica Signal, versions 9.1.0.6, 9.2.0.0 | https://support.oracle.com/rs?type=doc&id=2854079.1 |
Oracle Health Sciences InForm, versions 6.2.1.1, 6.3.2.1, 7.0.0.0 | https://support.oracle.com/rs?type=doc&id=2854079.1 |
Oracle Health Sciences InForm Publisher, versions 6.2.1.1, 6.3.1.1 | https://support.oracle.com/rs?type=doc&id=2854079.1 |
Oracle Health Sciences Information Manager, versions 3.0.1-3.0.4 | https://support.oracle.com/rs?type=doc&id=2862542.1 |
Oracle Healthcare Data Repository, versions 8.1.0, 8.1.1 | https://support.oracle.com/rs?type=doc&id=2862542.1 |
Oracle Healthcare Foundation, versions 7.3.0.1-7.3.0.4 | https://support.oracle.com/rs?type=doc&id=2862542.1 |
Oracle Healthcare Master Person Index, version 5.0.1 | https://support.oracle.com/rs?type=doc&id=2862542.1 |
Oracle Healthcare Translational Research, versions 4.1.0, 4.1.1 | https://support.oracle.com/rs?type=doc&id=2862542.1 |
Oracle Hospitality Suite8, versions 8.10.2, 8.11.0-8.14.0 | https://support.oracle.com/rs?type=doc&id=2857213.1 |
Oracle Hospitality Token Proxy Service, version 19.2 | https://support.oracle.com/rs?type=doc&id=2859245.1 |
Oracle HTTP Server, versions 12.2.1.3.0, 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2853458.2 |
Oracle Hyperion BI+, versions prior to 11.2.8.0 | https://support.oracle.com/rs?type=doc&id=2775466.2 |
Oracle Hyperion Calculation Manager, versions prior to 11.2.8.0 | https://support.oracle.com/rs?type=doc&id=2775466.2 |
Oracle Hyperion Data Relationship Management, versions prior to 11.2.8.0, prior to 11.2.9.0 | https://support.oracle.com/rs?type=doc&id=2775466.2 |
Oracle Hyperion Financial Management, versions prior to 11.2.8.0 | https://support.oracle.com/rs?type=doc&id=2775466.2 |
Oracle Hyperion Infrastructure Technology, versions prior to 11.2.8.0 | https://support.oracle.com/rs?type=doc&id=2775466.2 |
Oracle Hyperion Planning, versions prior to 11.2.8.0 | https://support.oracle.com/rs?type=doc&id=2775466.2 |
Oracle Hyperion Profitability and Cost Management, versions prior to 11.2.8.0 | https://support.oracle.com/rs?type=doc&id=2775466.2 |
Oracle Hyperion Tax Provision, versions prior to 11.2.8.0 | https://support.oracle.com/rs?type=doc&id=2775466.2 |
Oracle Identity Management Suite, versions 12.2.1.3.0, 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2853458.2 |
Oracle Identity Manager Connector, versions 9.1.0, 11.1.1.5.0 | https://support.oracle.com/rs?type=doc&id=2853458.2 |
Oracle iLearning, versions 6.2, 6.3 | https://support.oracle.com/rs?type=doc&id=2859330.1 |
Oracle Insurance Data Gateway, version 1.0.1 | https://support.oracle.com/rs?type=doc&id=2857284.1 |
Oracle Insurance Insbridge Rating and Underwriting, versions 5.2.0, 5.4.0-5.6.0, 5.6.1 | https://support.oracle.com/rs?type=doc&id=2857284.1 |
Oracle Insurance Policy Administration, versions 11.0.2, 11.1.0, 11.2.8, 11.3.0, 11.3.1 | https://support.oracle.com/rs?type=doc&id=2857284.1 |
Oracle Insurance Rules Palette, versions 11.0.2, 11.1.0, 11.2.8, 11.3.0, 11.3.1 | https://support.oracle.com/rs?type=doc&id=2857284.1 |
Oracle Internet Directory, versions 12.2.1.3.0, 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2853458.2 |
Oracle Java SE, versions 7u331, 8u321, 11.0.14, 17.0.2, 18 | https://support.oracle.com/rs?type=doc&id=2855980.1 |
Oracle JDeveloper, versions 12.2.1.3.0, 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2853458.2 |
Oracle Managed File Transfer, versions 12.2.1.3.0, 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2853458.2 |
Oracle Middleware Common Libraries and Tools, version 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2853458.2 |
Oracle NoSQL Database | https://support.oracle.com/rs?type=doc&id=2844795.1 |
Oracle Outside In Technology, version 8.5.5 | https://support.oracle.com/rs?type=doc&id=2853458.2 |
Oracle Payment Interface, versions 19.1, 20.3 | https://support.oracle.com/rs?type=doc&id=2859245.1 |
Oracle Product Lifecycle Analytics, version 3.6.1.0 | https://support.oracle.com/rs?type=doc&id=2858979.1 |
Oracle REST Data Services, versions prior to 21.2 | https://support.oracle.com/rs?type=doc&id=2844795.1 |
Oracle Retail Bulk Data Integration, version 16.0.3 | https://support.oracle.com/rs?type=doc&id=2855697.1 |
Oracle Retail Customer Insights, versions 15.0.2, 16.0.2 | https://support.oracle.com/rs?type=doc&id=2855697.1 |
Oracle Retail Customer Management and Segmentation Foundation, versions 17.0-19.0 | https://support.oracle.com/rs?type=doc&id=2855697.1 |
Oracle Retail Data Extractor for Merchandising, versions 15.0.2, 16.0.2 | https://support.oracle.com/rs?type=doc&id=2855697.1 |
Oracle Retail EFTLink, versions 17.0.2, 18.0.1, 19.0.1, 20.0.1, 21.0.0 | https://support.oracle.com/rs?type=doc&id=2855697.1 |
Oracle Retail Extract Transform and Load, version 13.2.8 | https://support.oracle.com/rs?type=doc&id=2855697.1 |
Oracle Retail Financial Integration, versions 14.1.3.2, 15.0.3.1, 16.0.1-16.0.3, 19.0.0, 19.0.1 | https://support.oracle.com/rs?type=doc&id=2855697.1 |
Oracle Retail Integration Bus, versions 14.1.3.2, 15.0.3.1, 16.0.1-16.0.3, 19.0.0, 19.0.1 | https://support.oracle.com/rs?type=doc&id=2855697.1 |
Oracle Retail Invoice Matching, version 16.0.3 | https://support.oracle.com/rs?type=doc&id=2855697.1 |
Oracle Retail Merchandising System, versions 16.0.3, 19.0.1 | https://support.oracle.com/rs?type=doc&id=2855697.1 |
Oracle Retail Service Backbone, versions 14.1.3.2, 15.0.3.1, 16.0.1-16.0.3, 19.0.0, 19.0.1 | https://support.oracle.com/rs?type=doc&id=2855697.1 |
Oracle Retail Store Inventory Management, versions 14.0.4.13, 14.1.3.5, 14.1.3.14, 15.0.3.3, 15.0.3.8, 16.0.3.7 | https://support.oracle.com/rs?type=doc&id=2855697.1 |
Oracle Retail Xstore Office Cloud Service, versions 16.0.6, 17.0.4, 18.0.3, 19.0.2, 20.0.1 | https://support.oracle.com/rs?type=doc&id=2855697.1 |
Oracle Retail Xstore Point of Service, versions 16.0.6, 17.0.4, 18.0.3, 19.0.2, 20.0.1, 21.0.0 | https://support.oracle.com/rs?type=doc&id=2855697.1 |
Oracle SD-WAN Edge, versions 9.0, 9.1 | https://support.oracle.com/rs?type=doc&id=2863674.1 |
Oracle Secure Backup | https://support.oracle.com/rs?type=doc&id=2844795.1 |
Oracle Secure Global Desktop, version 5.6 | https://support.oracle.com/rs?type=doc&id=2859130.1 |
Oracle Solaris, version 11 | https://support.oracle.com/rs?type=doc&id=2857179.1 |
Oracle Solaris Cluster, version 4 | https://support.oracle.com/rs?type=doc&id=2857179.1 |
Oracle SQL Developer, versions prior to 21.99 | https://support.oracle.com/rs?type=doc&id=2844795.1 |
Oracle StorageTek ACSLS, version 8.5.1 | https://support.oracle.com/rs?type=doc&id=2857179.1 |
Oracle StorageTek Tape Analytics (STA), version 2.4 | https://support.oracle.com/rs?type=doc&id=2857179.1 |
Oracle Taleo Platform, versions prior to 22.1 | https://support.oracle.com/rs?type=doc&id=2862405.1 |
Oracle Transportation Management, versions 6.4.3, 6.5.1 | https://support.oracle.com/rs?type=doc&id=2858979.1 |
Oracle Tuxedo, version 12.2.2.0.0 | https://support.oracle.com/rs?type=doc&id=2853458.2 |
Oracle Utilities Framework, versions 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0 | https://support.oracle.com/rs?type=doc&id=2856383.1 |
Oracle VM VirtualBox, versions prior to 6.1.34 | https://support.oracle.com/rs?type=doc&id=2859130.1 |
Oracle Web Services Manager, versions 12.2.1.3.0, 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2853458.2 |
Oracle WebCenter Portal, versions 12.2.1.3.0, 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2853458.2 |
Oracle WebCenter Sites, versions 12.2.1.3.0, 12.2.1.4.0 | https://support.oracle.com/rs?type=doc&id=2853458.2 |
Oracle WebLogic Server, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | https://support.oracle.com/rs?type=doc&id=2853458.2 |
Oracle ZFS Storage Appliance Kit, version 8.8 | https://support.oracle.com/rs?type=doc&id=2857179.1 |
OSS Support Tools, versions 2.12.42, 18.3 | https://support.oracle.com/rs?type=doc&id=2859097.1 |
PeopleSoft Enterprise CS Academic Advisement, version 9.2 | https://support.oracle.com/rs?type=doc&id=2858976.1 |
PeopleSoft Enterprise FIN Cash Management, version 9.2 | https://support.oracle.com/rs?type=doc&id=2858976.1 |
PeopleSoft Enterprise PeopleTools, versions 8.58, 8.59 | https://support.oracle.com/rs?type=doc&id=2858976.1 |
PeopleSoft Enterprise PRTL Interaction Hub, version 9.1 | https://support.oracle.com/rs?type=doc&id=2858976.1 |
Primavera Unifier, versions 17.7-17.12, 18.8, 19.12, 20.12, 21.12 | https://support.oracle.com/rs?type=doc&id=2856639.1 |
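Disclaimer
This security advisory is intended only to describe security issues that may exist. NSFOCUS provides no guarantee or commitment regarding this advisory. Any direct or indirect consequences and losses arising from the dissemination or use of the information provided in this advisory are the sole responsibility of the user; NSFOCUS and the author of the advisory accept no liability for them.
NSFOCUS reserves the right to modify and interpret this security advisory. Anyone wishing to reproduce or distribute this advisory must preserve its integrity, including the copyright notice and all other content. Without permission from NSFOCUS, the content of this advisory may not be arbitrarily modified, added to or reduced, and may not be used for commercial purposes in any way.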