通告编号:NS-2023-0033
2023-07-19
TA****G:
Oracle、关键补丁更新、Weblogic
漏洞危害:
此次补丁更新修复了508个不同程度的漏洞,涉及多个常用产品。
版本:
**1.0
**
1
漏洞概述
2023年7月19日,绿盟科技CERT监测发现Oracle官方发布了7月重要补丁更新公告CPU(Critical Patch Update),此次共修复了508个不同程度的漏洞,此次安全更新涉及Oracle WebLogic Server、Oracle MySQL、Oracle Financial Services Applications、Oracle Enterprise Manager、Oracle Retail Applications等多个常用产品。Oracle强烈建议客户尽快应用关键补丁更新修复程序,对漏洞进行修复。
参考链接:
https://www.oracle.com/security-alerts/cpujul2023.html
SEE MORE →
2****重点漏洞简述
根据产品流行度和漏洞重要性筛选出此次更新中包含影响较大的漏洞,请相关用户重点进行关注:
Oracle WebLogic Server远程代码执行漏洞(CVE-2023-261****19):
Oracle WebLogic Server存在远程代码执行漏洞,未经身份验证的远程攻击者利用该漏洞,最终导致在目标服务器上执行任意代码。CVSS评分为9.8。
Oracle WebLogic Server安全特性绕过漏洞(CVE-2023-22040):
Oracle WebLogic Server中存在安全特性绕过漏洞,具有高权限的远程攻击者可通过多种协议来破坏Oracle WebLogic服务器,成功利用此漏洞后可导致未经授权创建、删除或修改关键数据,或是访问Oracle WebLogic Server所有数据,同时也可能造成拒绝服务。
Oracle MySQL多个漏洞:
此次安全更新针对Oracle MySQL发布了24个安全补丁, 其中11个漏洞在未经用户身份验证的情况下远程进行利用,即无需用户凭据即可通过网络利用。高危漏洞编号如下:
CVE-2023-20862
CVE-2022-37865
Oracle Financial Services Applications多个漏洞:
此次安全更新针对Oracle Financial Services Applications发布了147个安全补丁。其中的115个漏洞在未经用户身份验证的情况下即可远程进行利用。高危漏洞编号如下:
CVE-2022-1471
CVE-2022-46364
CVE-2022-45047
CVE-2022-31692
Oracle Insurance Applications多个漏洞:
此次安全更新针对Oracle Insurance Applications发布了3个安全补丁。其中有2个漏洞在未经用户身份验证的情况下即可远程进行利用。高危漏洞编号如下:
CVE-2023-1436
Oracle Communications多个漏洞:
此次安全更新针对Oracle Communications发布了77个安全补丁,其中的57个漏洞在未经用户身份验证的情况下即可远程进行利用。高危漏洞编号如下:
CVE-2023-20862
CVE-2022-37434
CVE-2022-1471
CVE-2023-20873
CVE-2022-36944
Oracle Communications Applications多个漏洞:
此次安全更新针对Oracle Communications Applications发布了40个安全补丁。其中的30个漏洞在未经用户身份验证的情况下即可远程进行利用。高危漏洞如下:
CVE-2022-1471
CVE-2021-42575
CVE-2022-46364
CVE-2022-31692
CVE-2023-20873
CVE-2023-20862
CVE-2020-35169
Oracle Enterprise Manager多个漏洞:
此次安全更新针对Oracle Enterprise Manager发布了8个安全补丁。其中有6个漏洞在未经用户身份验证的情况下即可远程进行利用。高危漏洞编号如下:
CVE-2022-23305
CVE-2023-25690
Oracle Retail Applications多个漏洞:
此次安全更新针对Oracle Retail Applications发布了11个安全补丁。其中有8个漏洞在未经用户身份验证的情况下即可远程进行利用。高危漏洞编号如下:
CVE-2022-37434
Oracle Siebel CRM多个漏洞:
此次安全更新针对Oracle Siebel CRM发布了9个安全补丁。其中有9个漏洞在未经用户身份验证的情况下即可远程进行利用。高危漏洞编号如下:
CVE-2022-1471
Oracle Supply Chain多个漏洞:
此次安全更新针对Oracle Supply Chain发布了13个安全补丁。其中有11个漏洞在未经用户身份验证的情况下即可远程进行利用。高危漏洞编号如下:
CVE-2022-37434
CVE-2022-27404
Oracle官方7月关键补丁更新漏洞总结如下:
产品
漏洞个数
未授权远程利用的个数
最高CVSS评分
Oracle Database Products Risk Matrices
5
1
6.5
Oracle Database Server
5
1
6.5
Oracle Application Express
3
1
9
Oracle Big Data Spatial and Graph
2
0
6
Oracle Essbase
2
0
6
Oracle GoldenGate
2
1
6.5
Oracle Graph Server and Client
1
1
7.5
Oracle NoSQL Database
1
0
4.3
Oracle Secure Backup
1
0
4.3
Oracle Spatial Studio
1
0
4.3
Oracle TimesTen In-Memory Database
1
1
8.1
Oracle Commerce
8
8
7.5
Oracle Communications Applications
40
30
9.8
Oracle Communications
77
57
9.8
Oracle Construction and Engineering
6
5
7.5
Oracle E-Business Suite
5
3
6.5
Oracle Enterprise Manager
8
6
9.8
Oracle Financial Services Applications
147
115
9.8
Oracle Food and Beverage Applications
1
1
9.8
Oracle Fusion Middleware
60
40
9.8
Oracle Analytics
32
23
9.8
Oracle Health Sciences Applications
1
0
6.5
Oracle Hospitality Applications
2
2
9.8
Oracle Hyperion
3
1
9.8
Oracle Insurance Applications
3
2
7.5
Oracle Java SE
9
8
5.9
Oracle JD Edwards
4
3
9.8
Oracle MySQL
24
11
9.8
Oracle PeopleSoft
9
8
9.8
Oracle Policy Automation
2
2
7.5
Oracle Retail Applications
11
8
9.8
Oracle Siebel CRM
9
9
9.8
Oracle Supply Chain
13
11
9.8
Oracle Systems
1
0
7.8
Oracle Utilities Applications
14
12
9.8
Oracle Virtualization
4
2
8.1
3****漏洞防护
3.1 补丁更新
请用户参考本文附录“受影响产品及补丁信息”及时下载受影响产品更新补丁,并参照补丁安装包中的readme文件进行安装更新,以保证长期有效的防护。
注:Oracle官方补丁需要用户持有正版软件的许可账号,使用该账号登陆https://support.oracle.com后,可以下载最新补丁。
3.2 Weblogic临时防护措施
若相关用户暂时无法安装补丁或不通过T3协议进行JVM通信,可使用下列措施阻断针对利用T3协议漏洞的攻击:
WebLogic Server提供了名为 weblogic.security.net.ConnectionFilterImpl 的默认连接筛选器,此连接筛选器接受所有传入连接,可通过此连接筛选器配置规则,对T3及T3s协议进行访问控制,详细操作步骤如下:
1. 进入WebLogic控制台,在base_domain的配置页面中,进入“安全”选项卡页面,点击“筛选器”,进入连接筛选器配置。
2. 在连接筛选器中输入:weblogic.security.net.ConnectionFilterImpl,参考以下写法,在连接筛选器规则中配置符合企业实际情况的规则:
127.0.0.1 * * allow t3 t3s
本机IP ** allow t3 t3s
允许访问的IP * * allow t3 t3s
* * * deny t3 t3s
连接筛选器规则格式如下:target localAddress localPort action protocols,其中:
target 指定一个或多个要筛选的服务器。
localAddress 可定义服务器的主机地址。(如果指定为一个星号 (*),则返回的匹配结果将是所有本地 IP 地址。)
localPort 定义服务器正在监听的端口。(如果指定了星号,则匹配返回的结果将是服务器上所有可用的端口)。
action 指定要执行的操作。(值必须为“allow”或“deny”。)
protocols 是要进行匹配的协议名列表。(必须指定下列其中一个协议:http、https、t3、t3s、giop、giops、dcom 或 ftp。) 如果未定义协议,则所有协议都将与一个规则匹配。
3. 保存后若规则未生效,建议重新启动WebLogic服务(重启WebLogic服务会导致业务中断,建议相关人员评估风险后,再进行操作)。以Windows环境为例,重启服务的步骤如下:
进入域所在目录下的bin目录,在Windows系统中运行stopWebLogic.cmd文件终止WebLogic服务,Linux系统中则运行stopWebLogic.sh文件。
待终止脚本执行完成后,再运行startWebLogic.cmd或startWebLogic.sh文件启动WebLogic,即可完成WebLogic服务重启。
参考链接:
https://docs.oracle.com/cd/E24329\_01/web.1211/e24485/con\_filtr.htm#SCPRG377
附录****受影响产品及补丁信息
受影响产品及版本号
可用补丁
Application Management Pack for Oracle Utilities & Enterprise Taxation, versions 13.4.1.0.0, 13.5.1.0.0
https://support.oracle.com/rs?type=doc&id=2957770.1
BI Publisher, versions 6.4.0.0.0, 7.0.0.0.0
https://support.oracle.com/rs?type=doc&id=2958379.2
JD Edwards EnterpriseOne Orchestrator, versions prior to 9.2.7.4
https://support.oracle.com/rs?type=doc&id=2959208.1
JD Edwards EnterpriseOne Tools, versions prior to 9.2.7.4
https://support.oracle.com/rs?type=doc&id=2959208.1
MySQL Cluster, versions 8.0.33 and prior
https://support.oracle.com/rs?type=doc&id=2958912.1
MySQL Connectors, versions 8.0.33 and prior
https://support.oracle.com/rs?type=doc&id=2958912.1
MySQL Enterprise Monitor, versions 8.0.34 and prior
https://support.oracle.com/rs?type=doc&id=2958912.1
MySQL Server, versions 5.7.42 and prior, 8.0.33 and prior
https://support.oracle.com/rs?type=doc&id=2958912.1
MySQL Workbench, versions 8.0.33 and prior
https://support.oracle.com/rs?type=doc&id=2958912.1
Oracle Access Manager, version 12.2.1.4.0
https://support.oracle.com/rs?type=doc&id=2958367.2
Oracle Agile Engineering Data Management, versions 6.2.1.0-6.2.1.8
https://support.oracle.com/rs?type=doc&id=2959239.1
Oracle Agile PLM, version 9.3.6
https://support.oracle.com/rs?type=doc&id=2959239.1
Oracle Application Express, versions [Application Express Administration] 18.2-22.2, [Application Express Customers Plugin] 18.2-22.2, [Application Express Team Calendar Plugin] 18.2-22.1
https://support.oracle.com/rs?type=doc&id=2946185.1
Oracle Application Testing Suite, version 13.3.0.1
https://support.oracle.com/rs?type=doc&id=2946187.1
Oracle AutoVue, versions 21.0.2.0-21.0.2.7
https://support.oracle.com/rs?type=doc&id=2959239.1
Oracle Autovue for Agile Product Lifecycle Management, version 21.0.2
https://support.oracle.com/rs?type=doc&id=2959239.1
Oracle BAM (Business Activity Monitoring), version 12.2.1.4.0
https://support.oracle.com/rs?type=doc&id=2958367.2
Oracle Banking APIs, versions 18.2.0.0.0, 18.3.0.0.0, 19.1.0.0.0, 19.2.0.0.0, 21.1.0.0.0, 22.1.0.0.0, 22.2.0.0.0
Oracle Banking Branch, versions 14.5-14.7
Oracle Banking Cash Management, versions 14.7.0.2.0, 14.7.1.0.0
Oracle Banking Corporate Lending, versions 14.0-14.3, 14.5-14.7
Oracle Banking Corporate Lending Process Management, versions 14.4-14.7
Oracle Banking Credit Facilities Process Management, version 14.7.1.0.0
Oracle Banking Digital Experience, versions 18.2.0.0.0, 18.3.0.0.0, 19.1.0.0.0, 19.2.0.0.0, 21.1.0.0.0, 22.1.0.0.0, 22.2.0.0.0
Oracle Banking Liquidity Management, versions 14.5.0.8.0, 14.6.0.3.0, 14.6.0.4.0, 14.7.0.1.0, 14.7.0.2.0, 14.7.1.0.0
Oracle Banking Origination, versions 14.5-14.7, 14.7.0
Oracle Banking Payments, versions 14.5-14.7
Oracle Banking Supply Chain Finance, versions 14.7.0.2.0, 14.7.1.0.0
Oracle Banking Trade Finance, versions 14.0-14.3, 14.5-14.7
Oracle Banking Trade Finance Process Management, versions 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0, 14.7.1.0.0
Oracle Banking Treasury Management, versions 14.5-14.7
Oracle Big Data Spatial and Graph, version 3.0
https://support.oracle.com/rs?type=doc&id=2946185.1
Oracle Business Intelligence Enterprise Edition, versions 6.4.0.0.0, 7.0.0.0.0, 12.2.1.4.0
https://support.oracle.com/rs?type=doc&id=2958379.2
Oracle Business Process Management Suite, version 12.2.1.4.0
https://support.oracle.com/rs?type=doc&id=2958367.2
Oracle Coherence, versions 12.2.1.4.0, 14.1.1.0.0
https://support.oracle.com/rs?type=doc&id=2958367.2
Oracle Commerce Guided Search, version 11.3.2
https://support.oracle.com/rs?type=doc&id=2959205.1
Oracle Commerce Platform, versions 11.3.0, 11.3.1, 11.3.2
https://support.oracle.com/rs?type=doc&id=2959205.1
Oracle Communications Billing and Revenue Management, versions 12.0.0.4.0-12.0.0.8.0
https://support.oracle.com/rs?type=doc&id=2957693.1
Oracle Communications BRM - Elastic Charging Engine, versions 12.0.0.4.0-12.0.0.8.0
https://support.oracle.com/rs?type=doc&id=2957693.1
Oracle Communications Calendar Server, versions 8.0.0.2.0-8.0.0.7.0
https://support.oracle.com/rs?type=doc&id=2957711.1
Oracle Communications Cloud Native Core Automated Test Suite, versions 22.4.1, 23.1.0, 23.1.1
https://support.oracle.com/rs?type=doc&id=2960528.1
Oracle Communications Cloud Native Core Binding Support Function, versions 22.4.0, 23.1.0
https://support.oracle.com/rs?type=doc&id=2960529.1
Oracle Communications Cloud Native Core Console, versions 22.4.2, 23.1.1
https://support.oracle.com/rs?type=doc&id=2960530.1
Oracle Communications Cloud Native Core Network Exposure Function, versions 22.4.3, 23.1.2
https://support.oracle.com/rs?type=doc&id=2960531.1
Oracle Communications Cloud Native Core Network Function Cloud Native Environment, version 23.1.0
https://support.oracle.com/rs?type=doc&id=2960532.1
Oracle Communications Cloud Native Core Network Repository Function, versions 22.4.2, 22.4.3, 23.1.0, 23.1.1, 23.2.0
https://support.oracle.com/rs?type=doc&id= 2960533.1
Oracle Communications Cloud Native Core Policy, versions 22.4.0, 23.1.0, 23.2.0
https://support.oracle.com/rs?type=doc&id=2960534.1
Oracle Communications Cloud Native Core Security Edge Protection Proxy, versions 22.3.2, 22.4.0, 22.4.3, 23.1.0, 23.1.1, 23.1.2
https://support.oracle.com/rs?type=doc&id=2960535.1
Oracle Communications Cloud Native Core Service Communication Proxy, versions 22.4.0, 23.1.0
https://support.oracle.com/rs?type=doc&id=2960537.1
Oracle Communications Cloud Native Core Unified Data Repository, version 23.1.1
https://support.oracle.com/rs?type=doc&id=2960549.1
Oracle Communications Contacts Server, versions 8.0.0.6.0-8.0.0.8.0
https://support.oracle.com/rs?type=doc&id=2957711.1
Oracle Communications Converged Application Server - Service Controller, version 6.2.0
https://support.oracle.com/rs?type=doc&id=2960550.1
Oracle Communications Convergence, version 3.0.3.2
https://support.oracle.com/rs?type=doc&id=2957711.1
Oracle Communications Convergent Charging Controller, versions 12.0.3.0.0-12.0.6.0.0
https://support.oracle.com/rs?type=doc&id=2957695.1
Oracle Communications Design Studio, versions 7.4.0.7.0, 7.4.1.5.0, 7.4.2.8.0
https://support.oracle.com/rs?type=doc&id=2961899.1
Oracle Communications Diameter Signaling Router, version 8.6.0.0
https://support.oracle.com/rs?type=doc&id=2960570.1
Oracle Communications Instant Messaging Server, version 10.0.1.7.0
https://support.oracle.com/rs?type=doc&id=2957711.1
Oracle Communications Messaging Server, version 8.1.0.21.0
https://support.oracle.com/rs?type=doc&id=2957711.1
Oracle Communications Network Analytics Data Director, version 23.1.0
https://support.oracle.com/rs?type=doc&id=2961143.1
Oracle Communications Network Charging and Control, versions 12.0.3.0.0-12.0.6.0.0
https://support.oracle.com/rs?type=doc&id=2957695.1
Oracle Communications Network Integrity, version 7.3.6.4
https://support.oracle.com/rs?type=doc&id=2959869.1
Oracle Communications Operations Monitor, versions 5.0, 5.1
https://support.oracle.com/rs?type=doc&id=2960571.1
Oracle Communications Order and Service Management, versions 7.3.5, 7.4.0, 7.4.1
https://support.oracle.com/rs?type=doc&id=2957694.1
Oracle Communications Pricing Design Center, versions 12.0.0.4.0-12.0.0.7.0
https://support.oracle.com/rs?type=doc&id=2957693.1
Oracle Communications Unified Assurance, versions 5.5.0-5.5.17, 6.0.0-6.0.2
https://support.oracle.com/rs?type=doc&id=2957696.1
Oracle Communications Unified Inventory Management, versions 7.4.0-7.4.2, 7.5.0
https://support.oracle.com/rs?type=doc&id=2959836.1
Oracle Data Integrator, version 12.2.1.4.0
https://support.oracle.com/rs?type=doc&id=2958367.2
Oracle Database Server, versions 19.3-19.19, 21.3-21.10
https://support.oracle.com/rs?type=doc&id=2946185.1
Oracle Documaker, versions 12.6.1-12.7.1
https://support.oracle.com/rs?type=doc&id=2960012.1
Oracle E-Business Suite, versions 12.2.3-12.3.12
https://support.oracle.com/rs?type=doc&id=2484000.1
Oracle Enterprise Data Quality, version 12.2.1.4.0
https://support.oracle.com/rs?type=doc&id=2958367.2
Oracle Enterprise Manager for Exadata, version 13.5.0.0
https://support.oracle.com/rs?type=doc&id=2946187.1
Oracle Enterprise Manager for Fusion Middleware, version 13.5.0.0
https://support.oracle.com/rs?type=doc&id=2946187.1
Oracle Enterprise Manager for Oracle Database, version 13.5.0.0
https://support.oracle.com/rs?type=doc&id=2946187.1
Oracle Enterprise Manager Ops Center, version 12.4.0.0
https://support.oracle.com/rs?type=doc&id=2946187.1
Oracle Enterprise Operations Monitor, versions 5.0, 5.1
https://support.oracle.com/rs?type=doc&id=2960572.1
Oracle Essbase, version 21.4.3.0.0
https://support.oracle.com/rs?type=doc&id=2946185.1
Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.7, 8.0.8, 8.1.0, 8.1.1, 8.1.2
https://support.oracle.com/rs?type=doc&id=2960444.1
Oracle Financial Services Behavior Detection Platform, versions 8.0.8.1, 8.1.1.1, 8.1.2.4, 8.1.2.5
https://support.oracle.com/rs?type=doc&id=2959412.1
Oracle Financial Services Compliance Studio, version 8.1.2.4
https://support.oracle.com/rs?type=doc&id=2959360.1
Oracle Financial Services Enterprise Case Management, versions 8.0.8.2, 8.1.1.1, 8.1.2.4, 8.1.2.5
https://support.oracle.com/rs?type=doc&id=2959391.1
Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition, version 8.0.8
https://support.oracle.com/rs?type=doc&id=2959413.1
Oracle FLEXCUBE Investor Servicing, version 14.7.0.0.0
Oracle FLEXCUBE Universal Banking, versions 14.0-14.7
Oracle Fusion Middleware MapViewer, version 12.2.1.4.0
https://support.oracle.com/rs?type=doc&id=2958367.2
Oracle GoldenGate, versions 19.1.0.0.0-19.1.0.0.230422, 21.3.0.0.0-21.10.0.0.5
https://support.oracle.com/rs?type=doc&id=2946185.1
Oracle GoldenGate Stream Analytics, versions 19.1.0.0.0-19.1.0.0.7
https://support.oracle.com/rs?type=doc&id=2946185.1
Oracle GraalVM Enterprise Edition, versions 20.3.10, 21.3.6, 22.3.2
https://support.oracle.com/rs?type=doc&id=2957260.1
Oracle GraalVM for JDK, versions 17.0.7, 20.0.1
https://support.oracle.com/rs?type=doc&id=2957260.1
Oracle Graph Server and Client, versions 21.4.6, 21.4.7, 22.4.1, 22.4.2, 23.1.0
https://support.oracle.com/rs?type=doc&id=2946185.1
Oracle Health Sciences Sciences Data Management Workbench, versions 3.1.0.2, 3.1.1.3, 3.2.0.0
https://support.oracle.com/rs?type=doc&id=2959737.1
Oracle Hospitality Cruise Shipboard Property Management System, versions 20.1.0, 20.2.0, 20.3.3
https://support.oracle.com/rs?type=doc&id=2956382.1
Oracle Hospitality Simphony, version 19.5
https://support.oracle.com/rs?type=doc&id=2953046.1
Oracle HTTP Server, version 12.2.1.4.0
https://support.oracle.com/rs?type=doc&id=2958367.2
Oracle Hyperion Data Relationship Management, version 11.2.13.0.0
https://support.oracle.com/rs?type=doc&id=2775466.2
Oracle Hyperion Essbase Administration Services, version 21.4.3.0.0
https://support.oracle.com/rs?type=doc&id=2946185.1
Oracle Hyperion Financial Reporting, version 11.2.13.0.0
https://support.oracle.com/rs?type=doc&id=2775466.2
Oracle Hyperion Workspace, version 11.2.13.0.0
https://support.oracle.com/rs?type=doc&id=2775466.2
Oracle Identity Manager, version 12.2.1.4.0
https://support.oracle.com/rs?type=doc&id=2958367.2
Oracle Identity Manager Connector, versions 9.1.0, 12.2.1.3.0
https://support.oracle.com/rs?type=doc&id=2958367.2
Oracle Java SE, versions 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1
https://support.oracle.com/rs?type=doc&id=2957260.1
Oracle JDeveloper, version 12.2.1.4.0
https://support.oracle.com/rs?type=doc&id=2958367.2
Oracle Middleware Common Libraries and Tools, version 12.2.1.4.0
https://support.oracle.com/rs?type=doc&id=2958367.2
Oracle Mobile Security Suite, versions prior to 11.1.2.3.1
https://support.oracle.com/rs?type=doc&id=2958367.2
Oracle NoSQL Database, versions 19.5.33, 20.3.28, 21.2.55, 22.3.26
https://support.oracle.com/rs?type=doc&id=2946185.1
Oracle Policy Automation, versions prior to 12.2.31
https://support.oracle.com/rs?type=doc&id=2957599.1
Oracle Retail Advanced Inventory Planning, versions 15.0, 16.0
https://support.oracle.com/rs?type=doc&id=2956573.1
Oracle Retail Bulk Data Integration, versions 16.0.3, 19.0.1
https://support.oracle.com/rs?type=doc&id=2956573.1
Oracle Retail Financial Integration, versions 14.2.0, 15.0.4, 16.0.3, 19.0.1
https://support.oracle.com/rs?type=doc&id=2956573.1
Oracle Retail Integration Bus, versions 14.2.0, 15.0.4, 16.0.3, 19.0.1
https://support.oracle.com/rs?type=doc&id=2956573.1
Oracle Retail Order Broker, version 19.1
https://support.oracle.com/rs?type=doc&id=2956573.1
Oracle Retail Predictive Application Server, versions 15.0.3, 16.0.3
https://support.oracle.com/rs?type=doc&id=2956573.1
Oracle Retail Service Backbone, versions 14.2.0, 15.0.4, 16.0.3, 19.0.1
https://support.oracle.com/rs?type=doc&id=2956573.1
Oracle SD-WAN Edge, version 9.1.1.5.0
https://support.oracle.com/rs?type=doc&id=2960573.1
Oracle Secure Backup, version 18.1.0.1.0
https://support.oracle.com/rs?type=doc&id=2946185.1
Oracle Service Bus, version 12.2.1.4.0
https://support.oracle.com/rs?type=doc&id=2958367.2
Oracle SOA Suite, version 12.2.1.4.0
https://support.oracle.com/rs?type=doc&id=2958367.2
Oracle Solaris, version 11
https://support.oracle.com/rs?type=doc&id=2960446.1
Oracle Spatial Studio, version 22.3.0
https://support.oracle.com/rs?type=doc&id=2946185.1
Oracle TimesTen In-Memory Database, versions 22.1.1.1.0-22.1.1.11.0
https://support.oracle.com/rs?type=doc&id=2946185.1
Oracle Utilities Application Framework, versions 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0, 4.5.0.1.0, 4.5.0.1.1
https://support.oracle.com/rs?type=doc&id=2957770.1
Oracle Utilities Network Management System, versions 2.4.0.1.21, 2.5.0.0.9, 2.5.0.1, 2.5.0.1.11, 2.5.0.2, 2.5.0.2.3, 2.6.0.0
https://support.oracle.com/rs?type=doc&id=2957770.1
Oracle Utilities Testing Accelerator, versions 6.0.0.1-7.0.0.0
https://support.oracle.com/rs?type=doc&id=2957770.1
Oracle VM VirtualBox, versions prior to 6.1.46, prior to 7.0.10
https://support.oracle.com/rs?type=doc&id=2960866.1
Oracle WebCenter Content, version 12.2.1.4.0
https://support.oracle.com/rs?type=doc&id=2958367.2
Oracle WebCenter Sites, version 12.2.1.4.0
https://support.oracle.com/rs?type=doc&id=2958367.2
Oracle WebLogic Server, versions 12.2.1.4.0, 14.1.1.0.0
https://support.oracle.com/rs?type=doc&id=2958367.2
PeopleSoft Enterprise PeopleTools, versions 8.59, 8.60
https://support.oracle.com/rs?type=doc&id=2959206.1
Primavera Gateway, versions 18.8.0-18.8.15, 19.12.0-19.12.16, 20.12.0-20.12.11, 21.12.0-21.12.9
https://support.oracle.com/rs?type=doc&id=2958838.1
Primavera P6 Enterprise Project Portfolio Management, versions 22.12.2, 22.12.3
https://support.oracle.com/rs?type=doc&id=2958838.1
Primavera Unifier, versions 18.8.0-18.8.18, 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.15, 22.12.0-22.12.6
https://support.oracle.com/rs?type=doc&id=2958838.1
Siebel Applications, versions 22.12 and prior, 23.6 and prior
https://support.oracle.com/rs?type=doc&id=2959207.1
END
声明
本安全公告仅用来描述可能存在的安全问题,绿盟科技不为此安全公告提供任何保证或承诺。由于传播、利用此安全公告所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,绿盟科技以及安全公告作者不为此承担任何责任。
绿盟科技拥有对此安全公告的修改和解释权。如欲转载或传播此安全公告,必须保证此安全公告的完整性,包括版权声明等全部内容。未经绿盟科技允许,不得任意修改或者增减此安全公告内容,不得以任何方式将其用于商业目的。
绿盟科技CERT ∣微信公众号
长按识别二维码,关注网络安全威胁信息