「安全通告」Oracle全系产品2020年7月关键补丁更新

,
阅读: 866

综述

当地时间2020年7月14日,Oracle官方发布了2020年7月关键补丁更新公告CPU(Critical Patch Update),安全通告以及第三方安全公告等公告内容,修复了443个不同程度的漏洞。各产品受影响情况以及可用补丁情况见附录表格。

完整信息请查看官方通告:

https://www.oracle.com/security-alerts/cpujul2020.html

漏洞总结

产品漏洞个数未授权远程利用个数最高CVSS评分
Oracle Database server1918.8
Oracle Berkeley DB307.3
Oracle Global Lifecycle Management100
Oracle GoldenGate319.6
Oracle TimesTen In-Memory Database100
Oracle Commerce437.4
Oracle Communications Applications604610
Oracle Construction and Engineering20159.8
Oracle E-Business Suite30249.1
Oracle Enterprise Manager14109.8
Oracle Financial Services Applications38269.8
Oracle Food and Beverage Applications407.3
Oracle Fusion Middleware52489.8
Oracle GraalVM439.1
Oracle Health Sciences Applications449.8
Oracle Hospitality Applications119.8
Oracle Hyperion304.2
Oracle iLearning118.2
Oracle Insurance Applications647.5
Oracle Java SE11118.3
Oracle JD Edwards669.8
Oracle MySQL4069.8
Oracle PeopleSoft1198.2
Oracle Retail Applications47429.8
Oracle Siebel CRM559.8
Oracle Supply Chain22189.8
Oracle Systems719.8
Oracle Utilities Applications117.5
Oracle Virtualization2508.2

受影响的产品及版本

受影响的产品及版本信息请参考文末附录。

关键补丁更新(cpu)

关键修补程序更新 (cpu) 是针对多个安全漏洞的修补程序集合。关键修补程序更新通常是累积的, 但每次都只描述自上一个关键修补程序更新咨询以来添加的安全修复补丁。因此, 应复查先前发布的安全修补程序的重要更新建议, 以了解有关早期版本的安全性修正的信息。

解决方案

鉴于成功攻击所造成的威胁,Oracle强烈建议客户尽快下载并安装重要补丁更新修复程序。

附录

受影响产品(含版本)以及相关补丁情况如下表:

Affected Products and VersionsPatch Availability Document
Category Management Planning & Optimization, version 15.0.3Retail Applications
Customer Management and Segmentation Foundation, versions 16.0, 17.0, 18.0Retail Applications
Enterprise Manager Base Platform, versions 12.1.0.5, 13.3.0.0, 13.4.0.0Enterprise Manager
Enterprise Manager for Fusion Middleware, version 12.1.0.5Enterprise Manager
Enterprise Manager Ops Center, version 12.4.0.0Enterprise Manager
GoldenGate Stream Analytics, versions prior to 19.1.0.0.1Database
Hyperion Financial Close Management, version 11.1.2.4Fusion Middleware
Instantis EnterpriseTrack, versions 17.1-17.3Oracle Construction and Engineering Suite
JD Edwards EnterpriseOne Orchestrator, versions prior to 9.2.4.2JD Edwards
JD Edwards EnterpriseOne Tools, versions prior to 9.2.3.3, prior to 9.2.4.2JD Edwards
MySQL Client, versions 5.6.48 and prior, 5.7.30 and prior, 8.0.20 and priorMySQL
MySQL Cluster, versions 7.3.29 and prior, 7.4.28 and prior, 7.5.18 and prior, 7.6.14 and prior, 8.0.20 and priorMySQL
MySQL Connectors, versions 8.0.20 and priorMySQL
MySQL Enterprise Monitor, versions 4.0.12 and prior, 8.0.20 and priorMySQL
MySQL Server, versions 5.6.48 and prior, 5.7.30 and prior, 8.0.20 and priorMySQL
Oracle Agile Engineering Data Management, version 6.2.1.0Oracle Supply Chain Products
Oracle Application Express, versions 5.1-19.2Database
Oracle Application Testing Suite, versions 13.2.0.1, 13.3.0.1Enterprise Manager
Oracle AutoVue, version 21.0Oracle Supply Chain Products
Oracle Banking Enterprise Collections, versions 2.7.0-2.9.0Oracle Banking Platform
Oracle Banking Payments, versions 14.1.0-14.4.0Oracle Financial Services Applications
Oracle Banking Platform, versions 2.4.0-2.10.0Oracle Banking Platform
Oracle Berkeley DB, versions prior to 6.1.38, prior to 18.1.40Berkeley DB
Oracle BI Publisher, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0Fusion Middleware
Oracle Business Intelligence Enterprise Edition, versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0Fusion Middleware
Oracle Business Process Management Suite, versions 12.2.1.3.0, 12.2.1.4.0Fusion Middleware
Oracle Coherence, versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0Fusion Middleware
Oracle Commerce Guided Search / Oracle Commerce Experience Manager, versions 11.0, 11.1, 11.2, prior to 11.3.1Oracle Commerce
Oracle Commerce Platform, versions 11.1, 11.2, prior to 11.3.1Oracle Commerce
Oracle Commerce Service Center, versions 11.1, 11.2, prior to 11.3.1Oracle Commerce
Oracle Communications Analytics, version 12.1.1Oracle Communications Analytics
Oracle Communications Billing and Revenue Management, versions 7.5.0.23.0, 12.0.0.3.0Oracle Communications Billing and Revenue Management
Oracle Communications BRM – Elastic Charging Engine, versions 11.3, 12.0Oracle Communications BRM – Elastic Charging Engine
Oracle Communications Contacts Server, version 8.0.0.4.0Oracle Communications Contacts Server
Oracle Communications Convergence, versions 3.0.1.0-3.0.2.1Oracle Communications Convergence
Oracle Communications Diameter Signaling Router (DSR), versions 8.0-8.4Oracle Communications Diameter Signaling Router
Oracle Communications Element Manager, versions 8.1.1, 8.2.0, 8.2.1Oracle Communications Element Manager
Oracle Communications Evolved Communications Application Server, version 7.1Oracle Communications Evolved Communications Application Server
Oracle Communications Instant Messaging Server, version 10.0.1.4.0Oracle Communications Instant Messaging Server
Oracle Communications Interactive Session Recorder, versions 6.1-6.4Oracle Communications Interactive Session Recorder
Oracle Communications IP Service Activator, versions 7.3.0, 7.4.0Oracle Communications IP Service Activator
Oracle Communications LSMS, versions 13.0-13.3Oracle Communications LSMS
Oracle Communications Messaging Server, versions 8.0.2, 8.1.0Oracle Communications Messaging Server
Oracle Communications MetaSolv Solution, version 6.3.0Oracle Communications MetaSolv Solution
Oracle Communications Network Charging and Control, versions 6.0.1, 12.0.0-12.0.3Oracle Communications Network Charging and Control
Oracle Communications Network Integrity, versions 7.3.2-7.3.6Oracle Communications Network Integrity
Oracle Communications Operations Monitor, versions 3.4, 4.1-4.3Oracle Communications Operations Monitor
Oracle Communications Order and Service Management, versions 7.3, 7.4Oracle Communications Order and Service Management
Oracle Communications Services Gatekeeper, versions 6.0, 6.1, 7.0Oracle Communications Services Gatekeeper
Oracle Communications Session Border Controller, versions 8.1.0, 8.2.0, 8.3.0Oracle Communications Session Border Controller
Oracle Communications Session Report Manager, versions 8.1.1, 8.2.0, 8.2.1Oracle Communications Session Report Manager
Oracle Communications Session Route Manager, versions 8.1.1, 8.2.0, 8.2.1Oracle Communications Session Route Manager
Oracle Configuration Manager, version 12.1.2.0.6Enterprise Manager
Oracle Configurator, versions 12.1, 12.2Oracle Supply Chain Products
Oracle Data Masking and Subsetting, versions 13.3.0.0, 13.4.0.0Enterprise Manager
Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c, [Spatial Studio] prior to 19.2.1Database
Oracle E-Business Suite, versions 12.1.1-12.1.3, 12.2.3-12.2.9E-Business Suite
Oracle Endeca Information Discovery Studio, version 3.2.0Fusion Middleware
Oracle Enterprise Communications Broker, versions 3.0.0-3.2.0Oracle Enterprise Communications Broker
Oracle Enterprise Repository, version 11.1.1.7.0Fusion Middleware
Oracle Enterprise Session Border Controller, versions 8.1.0, 8.2.0, 8.3.0Oracle Enterprise Session Border Controller
Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.6-8.1.0Oracle Financial Services Analytical Applications Infrastructure
Oracle Financial Services Compliance Regulatory Reporting, versions 8.0.6-8.0.8Oracle Financial Services Compliance Regulatory Reporting
Oracle Financial Services Lending and Leasing, versions 12.5.0, 14.1.0-14.8.0Oracle Financial Services Applications
Oracle Financial Services Liquidity Risk Management, version 8.0.6Oracle Financial Services Liquidity Risk Management
Oracle Financial Services Loan Loss Forecasting and Provisioning, versions 8.0.6-8.0.8Oracle Financial Services Loan Loss Forecasting and Provisioning
Oracle Financial Services Market Risk Measurement and Management, versions 8.0.6, 8.0.8Oracle Financial Services Market Risk Measurement and Management
Oracle Financial Services Regulatory Reporting for De Nederlandsche Bank, version 8.0.4Oracle Financial Services Regulatory Reporting for De Nederlandsche Bank
Oracle FLEXCUBE Investor Servicing, versions 12.1.0, 12.3.0, 12.4.0, 14.0.0, 14.1.0Oracle Financial Services Applications
Oracle FLEXCUBE Private Banking, versions 12.0.0, 12.1.0Oracle Financial Services Applications
Oracle Fusion Middleware MapViewer, versions 12.2.1.3.0, 12.2.1.4.0Fusion Middleware
Oracle Global Lifecycle Management/OPatch, versions prior to 12.2.0.1.20Global Lifecycle Management
Oracle GoldenGate, versions prior to 19.1.0.0.0Database
Oracle GraalVM Enterprise Edition, versions 19.3.2, 20.1.0Oracle GraalVM Enterprise Edition
Oracle Health Sciences Empirica Inspections, version 1.0.1.2Health Sciences
Oracle Health Sciences Empirica Signal, version 7.3.3Health Sciences
Oracle Healthcare Master Person Index, version 4.0.2Health Sciences
Oracle Healthcare Translational Research, versions 3.2.1, 3.3.1, 3.3.2, 3.4.0Health Sciences
Oracle Help Technologies, versions 11.1.1.9.0, 12.2.1.3.0Fusion Middleware
Oracle Hospitality Guest Access, versions 4.2.0, 4.2.1Oracle Hospitality Guest Access
Oracle Hospitality Reporting and Analytics, version 9.1.0Oracle Hospitality Reporting and Analytics
Oracle Hyperion BI+, version 11.1.2.4Fusion Middleware
Oracle iLearning, versions 6.1, 6.1.1iLearning
Oracle Insurance Accounting Analyzer, versions 8.0.6-8.0.9Oracle Insurance Accounting Analyzer
Oracle Insurance Data Gateway, version 1.0Oracle Insurance Applications
Oracle Insurance Policy Administration J2EE, versions 10.2.0, 10.2.4, 11.0.2, 11.1.0, 11.2.0Oracle Insurance Applications
Oracle Insurance Rules Palette, versions 10.2.0, 10.2.4, 11.0.2, 11.1.0, 11.2.0Oracle Insurance Applications
Oracle Java SE, versions 7u261, 8u251, 11.0.7, 14.0.1Java SE
Oracle Java SE Embedded, version 8u251Java SE
Oracle Outside In Technology, versions 8.5.4, 8.5.5Fusion Middleware
Oracle Rapid Planning, versions 12.1, 12.2Oracle Supply Chain Products
Oracle Real User Experience Insight, version 13.3.1.0Enterprise Manager
Oracle Retail Assortment Planning, versions 15.0, 15.0.3, 16.0, 16.0.3Retail Applications
Oracle Retail Bulk Data Integration, versions 15.0, 16.0Retail Applications
Oracle Retail Customer Management and Segmentation Foundation, version 18.0Retail Applications
Oracle Retail Data Extractor for Merchandising, versions 1.9, 1.10, 18.0Retail Applications
Oracle Retail Extract Transform and Load, version 19.0Retail Applications
Oracle Retail Financial Integration, versions 15.0, 16.0Retail Applications
Oracle Retail Fusion Platform, version 5.5Retail Applications
Oracle Retail Integration Bus, versions 15.0, 15.0.3, 16.0, 16.0.3Retail Applications
Oracle Retail Invoice Matching, version 16.0Retail Applications
Oracle Retail Item Planning, version 15.0.3Retail Applications
Oracle Retail Macro Space Optimization, version 15.0.3Retail Applications
Oracle Retail Merchandise Financial Planning, version 15.0.3Retail Applications
Oracle Retail Merchandising System, versions 15.0.3, 16.0.2, 16.0.3Retail Applications
Oracle Retail Order Broker, version 15.0Retail Applications
Oracle Retail Predictive Application Server, versions 14.0.3, 14.1.3, 15.0.3, 16.0.3Retail Applications
Oracle Retail Regular Price Optimization, versions 15.0.3, 16.0.3Retail Applications
Oracle Retail Replenishment Optimization, version 15.0.3Retail Applications
Oracle Retail Sales Audit, version 14.1Retail Applications
Oracle Retail Service Backbone, versions 14.1, 15.0, 16.0Retail Applications
Oracle Retail Size Profile Optimization, version 15.0.3Retail Applications
Oracle Retail Store Inventory Management, versions 14.0.4, 14.1.3, 15.0.3, 16.0.3Retail Applications
Oracle Retail Xstore Point of Service, versions 7.1, 15.0, 16.0, 17.0, 18.0, 19.0Retail Applications
Oracle SD-WAN Aware, version 8.2Oracle SD-WAN Aware
Oracle SD-WAN Edge, versions 8.2, 9.0Oracle SD-WAN Edge
Oracle Security Service, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0Fusion Middleware
Oracle Solaris, version 11Systems
Oracle TimesTen In-Memory Database, versions prior to 18.1.2.1.0Database
Oracle Transportation Management, versions 6.3.7, 6.4.3Oracle Supply Chain Products
Oracle Unified Directory, versions 11.1.2.3.0, 12.2.1.3.0, 12.2.1.4.0Fusion Middleware
Oracle Utilities Framework, versions 4.3.0.5.0, 4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0Oracle Utilities Applications
Oracle VM VirtualBox, versions prior to 5.2.44, prior to 6.0.24, prior to 6.1.12Virtualization
Oracle WebCenter Portal, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0Fusion Middleware
Oracle WebCenter Sites, versions 12.2.1.3.0, 12.2.1.4.0Fusion Middleware
Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0Fusion Middleware
Oracle ZFS Storage Appliance Kit, version 8.8Systems
PeopleSoft Enterprise FIN Expenses, version 9.2PeopleSoft
PeopleSoft Enterprise HCM Global Payroll Switzerland, version 9.2PeopleSoft
PeopleSoft Enterprise HRMS, version 9.2PeopleSoft
PeopleSoft Enterprise PeopleTools, versions 8.56, 8.57, 8.58PeopleSoft
Primavera Gateway, versions 16.2.0-16.2.11, 17.12.0-17.12.7, 18.8.0-18.8.9, 19.12.0-19.12.4Oracle Construction and Engineering Suite
Primavera P6 Enterprise Project Portfolio Management, versions 16.1.0.0-16.2.20.1, 17.1.0.0-17.12.17.1, 18.1.0.0-18.8.19, 19.12.0-19.12.6Oracle Construction and Engineering Suite
Primavera Portfolio Management, versions 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0, 19.0.0.0Oracle Construction and Engineering Suite
Primavera Unifier, versions 16.1, 16.2, 17.7-17.12, 18.8, 19.12, [Mobile App] prior to 20.6Oracle Construction and Engineering Suite
Siebel Applications, versions 2.20.5 and prior, 20.6 and priorSiebel

Spread the word. Share this post!

Meet The Author

Leave Comment