
[Security Threat Advisory] Oracle October 2019 Critical Patch Update for All Product Lines

2019-10-17

Published by: NSFOCUS

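Overview

   On October 15, 2019 (local time), Oracle released its October 2019 Critical Patch Update (CPU) advisory, together with security alerts and third-party bulletins, fixing 240 vulnerabilities of varying severity. The affected products and the available patches are listed in the tables in the appendix.

   For full details, see the official advisory:

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html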

Vulnerability Summary

| Product | Vulnerabilities | Remotely exploitable without authentication | Highest CVSS score |
|---|---|---|---|
| Oracle Database Server | 10 | 2 | 6.8 |
| Oracle NoSQL Database | 1 | 1 | 10 |
| Oracle Construction and Engineering Suite | 13 | 11 | 9.8 |
| Oracle E-Business Suite | 10 | 10 | 8.2 |
| Oracle Enterprise Manager Products Suite | 7 | 5 | 9.8 |
| Oracle Financial Services Applications | 7 | 4 | 9.8 |
| Oracle Food and Beverage Applications | 7 | 3 | 9.0 |
| Oracle Fusion Middleware | 37 | 31 | 9.8 |
| Oracle Health Sciences Applications | 2 | 2 | 6.1 |
| Oracle Hospitality Applications | 3 | 2 | 7.5 |
| Oracle Hyperion | 3 | 0 | 6.4 |
| Oracle Java SE | 20 | 20 | 6.8 |
| Oracle GraalVM | 3 | 2 | 7.7 |
| Oracle JD Edwards Products | 1 | 1 | 9.8 |
| Oracle Knowledge | 17 | 16 | 9.8 |
| Oracle MySQL | 34 | 9 | 9.8 |
| Oracle PeopleSoft Products | 13 | 10 | 9.8 |
| Oracle Policy Automation | 4 | 4 | 7.5 |
| Oracle Retail Applications | 12 | 9 | 9.8 |
| Oracle Siebel CRM | 4 | 4 | 7.5 |
| Oracle Sun Systems Products Suite | 12 | 7 | 9.8 |
| Oracle Supply Chain Products | 3 | 3 | 9.8 |
| Oracle Support Tools | 2 | 2 | 6.1 |
| Oracle Virtualization | 15 | 3 | 8.8 |

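Affected Products and Versions

For the affected products and versions, see the appendix at the end of this advisory.

Critical Patch Update (CPU)

   A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Updates are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Previously published Critical Patch Update advisories should therefore be reviewed for information about security fixes in earlier releases.

Solution

Given the threat posed by a successful attack, Oracle strongly recommends that customers download and install the Critical Patch Update fixes as soon as possible.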

Appendix

The affected products (with versions) and the corresponding patch documents are listed in the following table:

| Affected Products and Versions | Patch Availability Document |
|---|---|
| Agile Recipe Management for Pharmaceuticals, versions 9.3.3, 9.3.4 | Oracle Supply Chain Products |
| Diagnostic Assistant, version 2.12.36 | Support Tools |
| Enterprise Manager Base Platform, versions 13.2, 13.3 | Enterprise Manager |
| Enterprise Manager for Exadata, versions 12.1.0.5.0, 13.2.2.0.0, 13.3.1.0.0, 13.3.2.0.0 | Enterprise Manager |
| Enterprise Manager Ops Center, versions 12.3.3, 12.4.0 | Enterprise Manager |
| Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers, versions prior to XCP2361, prior to XCP3071 | Systems |
| Hyperion Data Relationship Management, version 11.1.2.4 | Fusion Middleware |
| Hyperion Enterprise Performance Management Architect, version 11.1.2.4 | Fusion Middleware |
| Hyperion Financial Reporting, version 11.1.2.4 | Fusion Middleware |
| Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3 | Oracle Construction and Engineering Suite |
| JD Edwards EnterpriseOne Tools, version 4.0.1.0 | JD Edwards |
| MICROS Relate CRM Software, versions 7.1.0, 11.4, 15.0.0, 16.0.0, 17.0.0, 18.0.0 | Retail Applications |
| MICROS Retail XBRi Loss Prevention, version 10.8.3 | Retail Applications |
| MySQL Connectors, versions 5.3.13 and prior, 8.0.17 and prior | MySQL |
| MySQL Enterprise Monitor, versions 8.0.17 and prior | MySQL |
| MySQL Server, versions 5.6.45 and prior, 5.7.27 and prior, 8.17 and prior | MySQL |
| MySQL Workbench, versions 8.0.17 and prior | MySQL |
| Oracle Agile PLM, versions 9.3.3-9.3.6 | Oracle Supply Chain Products |
| Oracle Agile Product Lifecycle Management for Process, versions 6.2.0.0, 6.2.1.0, 6.2.2.0, 6.2.3.0 | Oracle Supply Chain Products |
| Oracle API Gateway, version 11.1.2.4.0 | Fusion Middleware |
| Oracle Application Testing Suite, versions 13.2, 13.3 | Enterprise Manager |
| Oracle Banking Digital Experience, versions 18.1, 18.2, 18.3, 19.1 | Oracle Financial Services Applications |
| Oracle Banking Platform, versions 2.4.0, 2.4.1, 2.5.0, 2.6.0, 2.6.1, 2.7.0, 2.7.1 | Oracle Banking Platform |
| Oracle BI Publisher, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
| Oracle Business Intelligence Enterprise Edition, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
| Oracle Clusterware, version 19.0.0.0.0 | Support Tools |
| Oracle Data Integrator, version 12.2.1.3.0 | Fusion Middleware |
| Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c | Database |
| Oracle E-Business Suite, versions 12.1.1-12.1.3, 12.2.3-12.2.9 | E-Business Suite |
| Oracle Enterprise Repository, version 12.1.3.0.0 | Fusion Middleware |
| Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.2-8.0.8 | Oracle Financial Services Analytical Applications Infrastructure |
| Oracle Financial Services Enterprise Financial Performance Analytics, versions 8.0.6, 8.0.7 | Oracle Financial Services Enterprise Financial Performance Analytics |
| Oracle Financial Services Retail Performance Analytics, versions 8.0.6, 8.0.7 | Oracle Financial Services Retail Performance Analytics |
| Oracle FLEXCUBE Direct Banking, versions 12.0.2, 12.0.3 | Oracle Financial Services Applications |
| Oracle Forms, version 12.2.1.3.0 | Fusion Middleware |
| Oracle GoldenGate Application Adapters, version 12.3.2.1.0 | Fusion Middleware |
| Oracle GraalVM Enterprise Edition, version 19.2.0 | Oracle GraalVM Enterprise Edition |
| Oracle Healthcare Foundation, versions 7.1.1, 7.2.2 | Health Sciences |
| Oracle Healthcare Translational Research, versions 3.1.0, 3.2.1, 3.3.1 | Health Sciences |
| Oracle Hospitality Cruise Dining Room Management, version 8.0.80 | Oracle Hospitality Cruise Dining Room Management |
| Oracle Hospitality Guest Access, versions 4.2.0, 4.2.1 | Oracle Hospitality Guest Access |
| Oracle Hospitality Materials Control, version 18.1 | Oracle Hospitality Materials Control |
| Oracle Hospitality Reporting and Analytics, version 9.1.0 | Oracle Hospitality Reporting and Analytics |
| Oracle Hospitality RES 3700, version 5.7 | Oracle Hospitality RES |
| Oracle Java SE, versions 7u231, 8u221, 11.0.4, 13 | Java SE |
| Oracle Java SE Embedded, version 8u221 | Java SE |
| Oracle JDeveloper and ADF, versions 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.3.0 | Fusion Middleware |
| Oracle NoSQL Database, versions prior to 19.3.12 | NoSQL Database |
| Oracle Outside In Technology, version 8.5.4 | Fusion Middleware |
| Oracle Policy Automation, versions 10.4.7, 12.1.0, 12.1.1, 12.2.0-12.2.15 | Oracle Policy Automation |
| Oracle Policy Automation Connector for Siebel, version 10.4.6 | Oracle Policy Automation |
| Oracle Policy Automation for Mobile Devices, versions 12.2.0-12.2.15 | Oracle Policy Automation |
| Oracle Retail Customer Insights, versions 15.0, 16.0 | Retail Applications |
| Oracle Retail Customer Management and Segmentation Foundation, version 17.0 | Retail Applications |
| Oracle Retail Integration Bus, versions 15.0, 16.0 | Retail Applications |
| Oracle Retail Xstore Office, version 7.1 | Retail Applications |
| Oracle Retail Xstore Point of Service, versions 7.1, 15.0, 16.0, 17.0, 17.0.3, 18.0, 18.0.1, 19.0.0 | Retail Applications |
| Oracle Service Bus, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0 | Fusion Middleware |
| Oracle SOA Suite, version 12.2.1.3.0 | Fusion Middleware |
| Oracle Solaris, versions 10, 11 | Systems |
| Oracle Virtual Directory, version 11.1.1.9.0 | Fusion Middleware |
| Oracle VM VirtualBox, versions prior to 5.2.34, prior to 6.0.14 | Virtualization |
| Oracle Web Services, version 12.2.1.3.0 | Fusion Middleware |
| Oracle WebCenter Portal, version 12.2.1.3.0 | Fusion Middleware |
| Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 | Fusion Middleware |
| PeopleSoft Enterprise HCM Human Resources, version 9.2 | PeopleSoft |
| PeopleSoft Enterprise PeopleTools, versions 8.56, 8.57 | PeopleSoft |
| PeopleSoft Enterprise SCM eProcurement, version 9.2 | PeopleSoft |
| Primavera Gateway, versions 15.2, 16.2, 17.12, 18.8 | Oracle Construction and Engineering Suite |
| Primavera P6 Enterprise Project Portfolio Management, versions 15.1.0-15.2.18, 16.1.0-16.2.18, 17.1.0-17.12.14, 18.1.0-18.8.13 | Oracle Construction and Engineering Suite |
| Primavera Unifier, versions 16.1, 16.2, 17.7-17.12, 18.8 | Oracle Construction and Engineering Suite |
| Siebel Applications, versions 19.8 and prior | Siebel |


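Disclaimer

=============

This security advisory is intended only to describe possible security issues. NSFOCUS provides no guarantee or commitment regarding this advisory. Any direct or indirect consequences and losses caused by disseminating or using the information in this advisory are the sole responsibility of the user; NSFOCUS and the authors of the advisory accept no liability for them. NSFOCUS reserves the right to modify and interpret this advisory. Anyone reprinting or distributing this advisory must preserve it in full, including the copyright statement. Without permission from NSFOCUS, the content of this advisory may not be modified, added to or cut, and it may not be used for commercial purposes in any way.


About NSFOCUS

==============

NSFOCUS (北京神州绿盟信息安全科技股份有限公司) was founded in April 2000 and is headquartered in Beijing. It has more than 30 branch offices in China and abroad and provides competitive security products and solutions to customers in government, telecom operators, finance, energy, internet, education, healthcare and other sectors, helping them run their business securely and smoothly.

Building on years of research into attack and defense, NSFOCUS provides products such as intrusion detection/prevention, anti-denial-of-service, remote security assessment and web security protection, together with professional security services, in the areas of network and endpoint security, internet infrastructure security, and compliance and security management.

NSFOCUS has been listed on the ChiNext board of the Shenzhen Stock Exchange since January 29, 2014; stock short name: 绿盟科技, stock code: 300369.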

