تحديثات Oracle
3431تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
15 يناير, 2020
● عالٍ جدًا
2020-795
الكل
الوصف:
- أصدرت Oracle تحديثات لمعالجة عدة ثغرات في المنتجات التالية:
- Enterprise Manager Base Platform, versions 12.1.0.5, 13.2.0.0, 13.3.0.0
- Enterprise Manager for Fusion Middleware, versions 13.2.0.0, 13.3.0.0
- Enterprise Manager for Oracle Database, versions 12.1.0.5, 13.2.0.0, 13.3.0.0
- Enterprise Manager Ops Center, versions 12.3.3, 12.4.0
- Hyperion Financial Close Management, version 11.1.2.4
- Hyperion Planning, version 11.1.2.4
- Identity Manager, versions 11.1.2.3.0, 12.2.1.3.0
- Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3
- JD Edwards EnterpriseOne Orchestrator, version 9.2
- JD Edwards EnterpriseOne Tools, version 9.2
- MySQL Client, versions 5.6.46 and prior, 5.7.28 and prior, 8.0.18 and prior
- MySQL Cluster, versions 7.3.27 and prior, 7.4.25 and prior, 7.5.15 and prior, 7.6.12 and prior
- MySQL Connectors, versions 5.3.13 and prior, 8.0.18 and prior
- MySQL Enterprise Backup, versions 3.12.4 and prior, 4.1.3 and prior
- MySQL Server, versions 5.6.46 and prior, 5.7.28 and prior, 8.0.18 and prior
- MySQL Workbench, versions 8.0.18 and prior
- Oracle Agile Engineering Data Management, versions 6.2.0, 6.2.1 Oracle Supply Chain Products
- Oracle Agile PLM, versions 9.3.3, 9.3.4, 9.3.5, 9.3.6
- Oracle Agile PLM Framework, version 9.3.3
- Oracle Agile PLM MCAD Connector, versions 3.4, 3.5, 3.6
- Oracle Application Testing Suite, versions 12.5.0.3, 13.1.0.1, 13.2.0.1, 13.3.0.1
- Oracle AutoVue, version 12.0.2
- Oracle Banking Corporate Lending, versions 12.3.0-12.4.0, 14.0.0-14.3.0
- Oracle Banking Payments, versions 14.1.0-14.3.0
- Oracle Big Data Discovery, version 1.6
- Oracle Business Intelligence Enterprise Edition, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
- Oracle Clinical, version 5.2
- Oracle Coherence, versions 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0
- Oracle Communications Design Studio, versions 7.3.4.3.0, 7.3.5.5.0, 7.4.0.4.0, 7.4.1.1.0
- Oracle Communications Diameter Signaling Router (DSR), versions 8.0, 8.1, 8.2, 8.3, 8.4
- Oracle Communications Instant Messaging Server, version 10.0.1.3.0
- Oracle Communications Interactive Session Recorder, versions 6.0, 6.1, 6.2, 6.3
- Oracle Communications IP Service Activator, versions 7.3.4, 7.4.0
- Oracle Communications Session Border Controller, versions 7.4, 8.0, 8.1, 8.2, 8.3
- Oracle Communications Session Router, versions 7.4, 8.0, 8.1, 8.2, 8.3
- Oracle Communications Subscriber-Aware Load Balancer, versions 7.3, 8.1, 8.3
- Oracle Communications Unified Inventory Management, versions 7.3, 7.4
- Oracle Communications Unified Session Manager, versions 7.3.5, 8.2.5
- Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.1.0.11, 12.2.0.1, 18c, 19c, 29, 212.2.0.1
- Oracle Demantra Demand Management, versions 12.2.4, 12.2.4.1, 12.2.5, 12.2.5.1
- Oracle E-Business Suite, versions 12.1.1-12.1.3, 12.2.3-12.2.9
- Oracle Endeca Information Discovery Integrator, version 3.2.0
- Oracle Endeca Information Discovery Studio, version 3.2.0
- Oracle Enterprise Communications Broker, versions PCz3.0, PCz3.1, PCz3.2
- Oracle Enterprise Repository, version 12.1.3.0.0
- Oracle Enterprise Session Border Controller, versions 7.5, 8.0, 8.1, 8.2, 8.3
- Oracle Financial Services Analytical Applications Infrastructure, versions 7.3.3-7.3.5, 8.0.0-8.0.8
- Oracle Financial Services Funds Transfer Pricing, versions 8.0.2-8.0.7
- Oracle Financial Services Revenue Management and Billing, versions 2.7.0.0, 2.7.0.1, 2.8.0.0
- Oracle FLEXCUBE Investor Servicing, versions 12.1.0-12.4.0, 14.0.0-14.1.0
- Oracle FLEXCUBE Universal Banking, versions 12.0.1-12.4.0, 14.0.0-14.3.0
- Oracle GraalVM Enterprise Edition, version 19.3.0.2
- Oracle Health Sciences Data Management Workbench, versions 2.4, 2.5
- Oracle Healthcare Master Person Index, version 3.0
- Oracle Hospitality Cruise Materials Management, version 7.30.567
- Oracle Hospitality Guest Access, version 4.2
- Oracle Hospitality OPERA 5, versions 5.5, 5.6
- Oracle Hospitality Suites Management, versions 3.7, 3.8
- Oracle HTTP Server, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0
- Oracle iLearning, version 6.1
- Oracle Java SE, versions 7u241, 8u231, 8u241, 11.0.5, 13.0.1
- Oracle Java SE Embedded, version 8u231
- Oracle Outside In Technology, version 8.5.4
- Oracle Real-Time Scheduler, versions 2.3.0.1-2.3.0.3
- Oracle Reports Developer, versions 12.2.1.3.0, 12.2.1.4.0
- Oracle Retail Assortment Planning, versions 15.0.3, 16.0.3
- Oracle Retail Clearance Optimization Engine, versions 13.4, 14.0, 14.0.3, 14.0.5
- Oracle Retail Customer Management and Segmentation Foundation, versions 16.0, 17.0, 18.0
- Oracle Retail Markdown Optimization, versions 13.4, 13.4.4
- Oracle Retail Order Broker, versions 5.2, 15.0, 16.0, 18.0
- Oracle Retail Predictive Application Server, versions 15.0.3, 16.0.3
- Oracle Retail Sales Audit, version 15.0.3.16.0.2
- Oracle Secure Global Desktop, versions 5.4, 5.5
- Oracle Security Service, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0
- Oracle Solaris, versions 10, 11 Systems
- Oracle Tuxedo, versions 12.1.1.0.0, 12.1.3.0.0
- Oracle Utilities Framework, versions 4.2.0.2-4.2.0.3, 4.3.0.1-4.3.0.4
- Oracle Utilities Mobile Workforce Management, versions 2.3.0.1-2.3.0.3
- Oracle Utilities Work and Asset Management (v1), version 1.9.1.2
- Oracle VM Server for SPARC, version 3.6 Systems
- Oracle VM VirtualBox, versions prior to 5.2.36, prior to 6.0.16, prior to 6.1.2 Virtualization
- Oracle WebCenter Sites, version 12.2.1.3.0
- Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0
- PeopleSoft Enterprise CC Common Application Objects, versions 9.1, 9.2
- PeopleSoft Enterprise HCM Human Resources, version 9.2
- PeopleSoft Enterprise PeopleTools, versions 8.56, 8.57, 8.58
- PeopleSoft PeopleTools, versions 8.56, 8.57
- Primavera Gateway, versions 15.2.18, 16.2.11, 17.12.6, 18.8.8.1
- Primavera P6 Enterprise Project Portfolio Management, versions 15.1.0.0-15.2.18.7, 16.1.0.0-16.2.19.0, 17.1.0.0-17.12.16.0, 18.1.0.0-18.8.16.0, 19.12.0.0, 20.1.0.0
- Primavera Unifier, versions 16.1, 16.2, 17.7-17.12, 18.8, 19.12
- Siebel Applications, versions 19.10 and prior
- Sun ZFS Storage Appliance Kit, version 8.8.6
- Tape Library ACSLS, versions 8.5, 8.5.1
التهديدات:
يمكن للمهاجم عن بعد (Remote Attacker) استغلال الثغرات وتنفيذ التالي:
- رفع الصلاحيات لزيادة قدرته على التعديل في النظام
- هجمة حجب الخدمة (DoS attack)
- وصول غير مصرح به للبيانات
الإجراءات الوقائية:
يوصي المركز بتحديث النسخ المتأثرة، حيث أصدرت Oracle توضيح للتحديثات اللازمة:
https://www.oracle.com/security-alerts/cpujan2020.html#AppendixHYP