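Security Advisory: Oracle January 2021 Critical Patch Update for All Product Lines

Overview

On January 19, 2021 (local time), Oracle released its January 2021 Critical Patch Update (CPU) advisory, together with security alerts and third-party bulletins, fixing 329 vulnerabilities of varying severity. Affected products and patch availability are listed in the appendix table.

For full details, see the official advisory: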

https://www.oracle.com/security-alerts/cpujan2021.html

Vulnerability Summary

Product | Number of vulnerabilities | Remotely exploitable without authentication | Highest CVSS score
Oracle Database server | 8 | 1 | 8.8
Oracle Communications Applications | 8 | 6 | 8.1
Oracle Communications | 12 | 7 | 9.8
Oracle Construction and Engineering | 7 | 5 | 9.8
Oracle E-Business Suite | 31 | 29 | 9.8
Oracle Enterprise Manager | 8 | 8 | 9.8
Oracle Financial Services Applications | 50 | 41 | 9.8
Oracle Food and Beverage Applications | 2 | 1 | 9.8
Oracle Fusion Middleware | 60 | 47 | 9.8
Oracle GraalVM | 2 | 2 | 7.5
Oracle Health Sciences Applications | 5 | 3 | 9.8
Oracle Hyperion | 7 | 5 | 9.8
Oracle Insurance Applications | 3 | 1 | 6.5
Oracle Java SE | 1 | 1 | 5.3
Oracle JD Edwards | 5 | 5 | 7.5
Oracle MySQL | 43 | 5 | 7.5
Oracle PeopleSoft | 8 | 6 | 8.4
Oracle Retail Applications | 32 | 20 | 9.8
Oracle Siebel CRM | 4 | 1 | 7.6
Oracle Supply Chain | 11 | 11 | 8.2
Oracle Systems | 4 | 3 | 9.8
Oracle Utilities Applications | 1 | 1 | 9.8
Oracle Virtualization | 17 | 0 | 8.2

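Affected Products and Versions

For affected products and versions, see the appendix at the end of this advisory.

Critical Patch Update (CPU)

A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Updates are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Customers should therefore review earlier Critical Patch Update advisories for information about security fixes in earlier releases.

Solution

Given the threat posed by a successful attack, Oracle strongly recommends that customers download and apply the Critical Patch Update fixes as soon as possible.

Appendix

Affected products (with versions) and the corresponding patch availability documents are listed in the table below: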

Affected Products and Versions | Patch Availability Document
Business Intelligence Enterprise Edition, versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Enterprise Manager Base Platform, versions 13.2.1.0, 13.3.0.0, 13.4.0.0 | Enterprise Manager
Enterprise Manager for Fusion Applications, version 13.3.0.0 | Enterprise Manager
Enterprise Manager Ops Center, version 12.4.0.0 | Enterprise Manager
Hyperion Financial Reporting, version 11.1.2.4 | Fusion Middleware
Hyperion Infrastructure Technology, version 11.1.2.4 | Fusion Middleware
Instantis EnterpriseTrack, versions 17.1-17.3 | Oracle Construction and Engineering Suite
JD Edwards EnterpriseOne Orchestrator, versions prior to 9.2.5.1 | JD Edwards
JD Edwards EnterpriseOne Tools, versions prior to 9.2.5.0 | JD Edwards
MySQL Client, versions 5.6.50 and prior, 5.7.32 and prior, 8.0.22 and prior | MySQL
MySQL Enterprise Monitor, versions 8.0.22 and prior | MySQL
MySQL Server, versions 5.6.50 and prior, 5.7.32 and prior, 8.0.22 and prior | MySQL
MySQL Workbench, versions 8.0.22 and prior | MySQL
Oracle Adaptive Access Manager, version 11.1.2.3.0 | Fusion Middleware
Oracle Agile Engineering Data Management, version 6.2.1.0 | Oracle Supply Chain Products
Oracle Agile PLM, versions 9.3.5, 9.3.6 | Oracle Supply Chain Products
Oracle Agile Product Lifecycle Management for Process, version 6.1 | Oracle Supply Chain Products
Oracle Application Express Opportunity Tracker, versions prior to 20.2 | Database
Oracle Application Express Survey Builder, versions prior to 20.2 | Database
Oracle Application Testing Suite, version 13.3.0.1 | Enterprise Manager
Oracle Argus Safety, version 8.2.2 | Health Sciences
Oracle BAM (Business Activity Monitoring), versions 11.1.1.9.0, 12.2.1.3.0 | Fusion Middleware
Oracle Banking Corporate Lending Process Management, versions 14.1.0, 14.3.0, 14.4.0 | Oracle Financial Services Applications
Oracle Banking Credit Facilities Process Management, versions 14.1.0, 14.3.0, 14.4.0 | Oracle Financial Services Applications
Oracle Banking Extensibility Workbench, versions 14.3.0, 14.4.0 | Oracle Financial Services Applications
Oracle Banking Liquidity Management, versions 14.0.0-14.4.0 | Oracle Financial Services Applications
Oracle Banking Payments, version 14.4.0 | Oracle Financial Services Applications
Oracle Banking Platform, versions 2.4.0, 2.4.1, 2.6.2, 2.7.0, 2.7.1, 2.8.0, 2.9.0 | Oracle Banking Platform
Oracle Banking Supply Chain Finance, versions 14.2.0-14.4.0 | Oracle Financial Services Applications
Oracle Banking Trade Finance Process Management, versions 14.1.0, 14.3.0, 14.4.0 | Oracle Financial Services Applications
Oracle Banking Virtual Account Management, versions 14.1.0, 14.3.0, 14.4.0 | Oracle Financial Services Applications
Oracle BI Publisher, versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Business Intelligence Enterprise Edition, versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Business Process Management Suite, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Coherence, versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | Fusion Middleware
Oracle Communications Application Session Controller, version 3.9m0p2 | Oracle Communications Application Session Controller
Oracle Communications ASAP, version 7.3 | Oracle Communications ASAP
Oracle Communications BRM – Elastic Charging Engine, versions 11.3.0.9, 12.0.0.3 | Oracle Communications BRM – Elastic Charging Engine
Oracle Communications Calendar Server, version 8.0.0.4.0 | Oracle Communications Calendar Server
Oracle Communications Contacts Server, version 8.0.0.5.0 | Oracle Communications Contacts Server
Oracle Communications Diameter Signaling Router (DSR), versions 8.0.0-8.2.2 | Oracle Communications Diameter Signaling Router
Oracle Communications Element Manager, versions 8.2.1.0-8.2.2.1 | Oracle Communications Element Manager
Oracle Communications MetaSolv Solution, versions 6.3.0-6.3.1 | Oracle Communications MetaSolv Solution
Oracle Communications Network Charging and Control, versions 6.0.1, 12.0.2 | Oracle Communications Network Charging and Control
Oracle Communications Operations Monitor, versions 3.4, 4.1, 4.2, 4.3 | Oracle Communications Operations Monitor
Oracle Communications Performance Intelligence Center (PIC) Software, version 10.4.0.2 | Oracle Communications Performance Intelligence Center (PIC) Software
Oracle Communications Session Report Manager, versions 8.2.1.0-8.2.2.1 | Oracle Communications Session Report Manager
Oracle Complex Maintenance, Repair, and Overhaul, versions 11.5.10, 12.1, 12.2 | Oracle Supply Chain Products
Oracle Configurator, versions 12.1, 12.2 | Oracle Supply Chain Products
Oracle Data Integrator, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Database Server, versions 12.1.0.2, 12.2.0.1, 18c, 19c | Database
Oracle E-Business Suite, versions 12.1.1-12.1.3, 12.2.3-12.2.10 | E-Business Suite
Oracle Endeca Information Discovery Integrator, version 3.2.0.0 | Fusion Middleware
Oracle Enterprise Communications Broker, versions 3.1, 3.2 | Oracle Enterprise Communications Broker
Oracle Enterprise Data Quality, versions 11.1.1.9.0, 12.2.1.3.0 | Fusion Middleware
Oracle Enterprise Repository, version 11.1.1.7.0 | Fusion Middleware
Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.6-8.1.0 | Oracle Financial Services Analytical Applications Infrastructure
Oracle Financial Services Asset Liability Management, versions 8.0.7, 8.1.0 | Oracle Financial Services Asset Liability Management
Oracle Financial Services Data Integration Hub, versions 8.0.3, 8.0.6 | Oracle Financial Services Data Integration Hub
Oracle Financial Services Funds Transfer Pricing, versions 8.0.6, 8.0.7, 8.1.0 | Oracle Financial Services Funds Transfer Pricing
Oracle Financial Services Market Risk Measurement and Management, version 8.0.6 | Oracle Financial Services Market Risk Measurement and Management
Oracle Financial Services Profitability Management, versions 8.0.6, 8.0.7, 8.1.0 | Oracle Financial Services Profitability Management
Oracle Financial Services Revenue Management and Billing, versions 2.9.0.0, 2.9.0.1 | Oracle Financial Services Revenue Management and Billing
Oracle FLEXCUBE Core Banking, versions 11.5.0-11.9.0 | Oracle Financial Services Applications
Oracle FLEXCUBE Universal Banking, version 14.4.0 | Oracle Financial Services Applications
Oracle Fusion Middleware MapViewer, version 12.2.1.3.0 | Fusion Middleware
Oracle Global Lifecycle Management OPatch | Fusion Middleware
Oracle Global Lifecycle Manager | Global Lifecycle Management
Oracle GoldenGate Application Adapters, version 19.1.0.0.0 | Fusion Middleware
Oracle GraalVM Enterprise Edition, versions 19.3.4, 20.3.0 | Oracle GraalVM Enterprise Edition
Oracle Health Sciences Information Manager, version 3.0.1 | Health Sciences
Oracle Healthcare Master Person Index, version 4.0.2.5 | Health Sciences
Oracle Hospitality Reporting and Analytics, version 9.1.0 | Oracle Hospitality Reporting and Analytics
Oracle Hospitality Simphony, versions 18.2.7.2, 19.1.3 | Oracle Hospitality Simphony
Oracle Insurance Allocation Manager for Enterprise Profitability, version 8.1.0 | Oracle Insurance Allocation Manager for Enterprise Profitability
Oracle Insurance Insbridge Rating and Underwriting, versions 5.0.0.20, 5.1.1.3 | Oracle Insurance Applications
Oracle Insurance Policy Administration, versions 10.2.0, 10.2.4, 11.0.2, 11.1.0-11.3.0 | Oracle Insurance Applications
Oracle Insurance Rules Palette, versions 10.2.0, 10.2.4, 11.0.2, 11.1.0-11.3.0 | Oracle Insurance Applications
Oracle Java SE, versions 7u281, 8u271 | Java SE
Oracle Java SE Embedded, version 8u271 | Java SE
Oracle Managed File Transfer, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Outside In Technology, versions 8.5.4, 8.5.5 | Fusion Middleware
Oracle Real-Time Decision Server, version 3.2.1.0 | Fusion Middleware
Oracle Retail Assortment Planning, version 16.0.3 | Retail Applications
Oracle Retail Bulk Data Integration, versions 15.0.3, 16.0.3 | Retail Applications
Oracle Retail Customer Management and Segmentation Foundation, versions 16.0, 17.0, 18.0, 19.0 | Retail Applications
Oracle Retail Extract Transform and Load, versions 13.2.5, 13.2.8 | Retail Applications
Oracle Retail Financial Integration, versions 14.1.3, 15.0.3, 16.0.3 | Retail Applications
Oracle Retail Integration Bus, versions 14.1.3, 15.0.3, 16.0.3 | Retail Applications
Oracle Retail Invoice Matching, versions 13.2, 14.0, 14.1 | Retail Applications
Oracle Retail Merchandising System, version 15.0 | Retail Applications
Oracle Retail Order Broker, versions 15.0, 16.0 | Retail Applications
Oracle Retail Order Broker Cloud Service, version 15.0 | Retail Applications
Oracle Retail Sales Audit, version 14.1 | Retail Applications
Oracle Retail Service Backbone, versions 14.1.3, 15.0.3, 16.0.3 | Retail Applications
Oracle Retail Store Inventory Management, versions 14.0.4.0, 14.1.3.0, 14.1.3.9, 15.0.3.0, 16.0.3.0 | Retail Applications
Oracle SD-WAN Edge, version 9.0 | Oracle SD-WAN Edge
Oracle Secure Backup | Oracle Secure Backup
Oracle Transportation Management, version 1.4.3 | Oracle Supply Chain Products
Oracle Utilities Framework, versions 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0 | Oracle Utilities Applications
Oracle VM VirtualBox, versions prior to 6.1.18 | Virtualization
Oracle WebCenter Portal, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle WebCenter Sites, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | Fusion Middleware
Oracle ZFS Storage Appliance Kit, version 8.8 | Systems
PeopleSoft Enterprise FIN Payables, version 9.2 | PeopleSoft
PeopleSoft Enterprise HCM Human Resources, version 9.2 | PeopleSoft
PeopleSoft Enterprise PeopleTools, versions 8.56, 8.57, 8.58 | PeopleSoft
Primavera Gateway, versions 16.2.0-16.2.11, 17.12.0-17.12.9, 18.8.0-18.8.10, 19.12.0-19.12.10 | Oracle Construction and Engineering Suite
Primavera P6 Enterprise Project Portfolio Management, versions 16.1.0-16.2.20, 17.1.0-17.12.19, 18.1.0-18.8.21, 19.12.0-19.12.10 | Oracle Construction and Engineering Suite
Primavera Unifier, versions 16.1, 16.2, 17.7-17.12, 18.8, 19.12, 20.12 | Oracle Construction and Engineering Suite
Siebel Applications, versions 20.12 and prior | Siebel
StorageTek Tape Analytics SW Tool, version 2.3.1 | Systems

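Statement

This security advisory is intended only to describe possible security issues; NSFOCUS provides no guarantee or commitment regarding it. Any direct or indirect consequences and losses caused by disseminating or using the information in this advisory are the sole responsibility of the user, and NSFOCUS and the advisory's author accept no liability for them. NSFOCUS reserves the right to modify and interpret this advisory. Anyone reproducing or distributing this advisory must keep it complete, including the copyright statement and all other content. Without NSFOCUS's permission, the content of this advisory may not be modified, added to or reduced, and it may not be used for commercial purposes in any way.

About NSFOCUS

NSFOCUS Technologies Group Co., Ltd. (NSFOCUS) was founded in April 2000 and is headquartered in Beijing. With more than 30 branches in China and abroad, it provides competitive security products and solutions to customers in government, telecom carriers, finance, energy, the Internet, education, healthcare and other sectors, helping them keep their business running securely and smoothly.

Building on years of research into security attack and defense, NSFOCUS provides products such as intrusion detection/prevention, anti-DDoS, remote security assessment and web security protection, as well as professional security services, in areas including network and endpoint security, Internet infrastructure security, and compliance and security management.

NSFOCUS Technologies Group Co., Ltd. has been listed on the ChiNext board of the Shenzhen Stock Exchange since January 29, 2014, under the stock name NSFOCUS (绿盟科技) and stock code 300369.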
