Security Alerts

Categories
These posts contain security alerts, including digital vulnerabilities, cyber attacks, and technical updates, and they are classified according to their sensitivity.

Very High

High

Medium

Low

Oracle Updates


Alert date: 15 January 2020

Severity level: Very High

Alert number: 2020-795

Targeted sector: All

Description:

Oracle has released updates to address several vulnerabilities in the following products:

  • Enterprise Manager Base Platform, versions 12.1.0.5, 13.2.0.0, 13.3.0.0
  • Enterprise Manager for Fusion Middleware, versions 13.2.0.0, 13.3.0.0
  • Enterprise Manager for Oracle Database, versions 12.1.0.5, 13.2.0.0, 13.3.0.0
  • Enterprise Manager Ops Center, versions 12.3.3, 12.4.0
  • Hyperion Financial Close Management, version 11.1.2.4
  • Hyperion Planning, version 11.1.2.4
  • Identity Manager, versions 11.1.2.3.0, 12.2.1.3.0
  • Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3
  • JD Edwards EnterpriseOne Orchestrator, version 9.2
  • JD Edwards EnterpriseOne Tools, version 9.2
  • MySQL Client, versions 5.6.46 and prior, 5.7.28 and prior, 8.0.18 and prior
  • MySQL Cluster, versions 7.3.27 and prior, 7.4.25 and prior, 7.5.15 and prior, 7.6.12 and prior
  • MySQL Connectors, versions 5.3.13 and prior, 8.0.18 and prior
  • MySQL Enterprise Backup, versions 3.12.4 and prior, 4.1.3 and prior
  • MySQL Server, versions 5.6.46 and prior, 5.7.28 and prior, 8.0.18 and prior
  • MySQL Workbench, versions 8.0.18 and prior
  • Oracle Agile Engineering Data Management, versions 6.2.0, 6.2.1
  • Oracle Agile PLM, versions 9.3.3, 9.3.4, 9.3.5, 9.3.6
  • Oracle Agile PLM Framework, version 9.3.3
  • Oracle Agile PLM MCAD Connector, versions 3.4, 3.5, 3.6
  • Oracle Application Testing Suite, versions 12.5.0.3, 13.1.0.1, 13.2.0.1, 13.3.0.1
  • Oracle AutoVue, version 12.0.2
  • Oracle Banking Corporate Lending, versions 12.3.0-12.4.0, 14.0.0-14.3.0
  • Oracle Banking Payments, versions 14.1.0-14.3.0
  • Oracle Big Data Discovery, version 1.6
  • Oracle Business Intelligence Enterprise Edition, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
  • Oracle Clinical, version 5.2
  • Oracle Coherence, versions 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0
  • Oracle Communications Design Studio, versions 7.3.4.3.0, 7.3.5.5.0, 7.4.0.4.0, 7.4.1.1.0
  • Oracle Communications Diameter Signaling Router (DSR), versions 8.0, 8.1, 8.2, 8.3, 8.4
  • Oracle Communications Instant Messaging Server, version 10.0.1.3.0
  • Oracle Communications Interactive Session Recorder, versions 6.0, 6.1, 6.2, 6.3
  • Oracle Communications IP Service Activator, versions 7.3.4, 7.4.0
  • Oracle Communications Session Border Controller, versions 7.4, 8.0, 8.1, 8.2, 8.3
  • Oracle Communications Session Router, versions 7.4, 8.0, 8.1, 8.2, 8.3
  • Oracle Communications Subscriber-Aware Load Balancer, versions 7.3, 8.1, 8.3
  • Oracle Communications Unified Inventory Management, versions 7.3, 7.4
  • Oracle Communications Unified Session Manager, versions 7.3.5, 8.2.5
  • Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.1.0.11, 12.2.0.1, 18c, 19c, 29, 212.2.0.1
  • Oracle Demantra Demand Management, versions 12.2.4, 12.2.4.1, 12.2.5, 12.2.5.1
  • Oracle E-Business Suite, versions 12.1.1-12.1.3, 12.2.3-12.2.9
  • Oracle Endeca Information Discovery Integrator, version 3.2.0
  • Oracle Endeca Information Discovery Studio, version 3.2.0
  • Oracle Enterprise Communications Broker, versions PCz3.0, PCz3.1, PCz3.2
  • Oracle Enterprise Repository, version 12.1.3.0.0
  • Oracle Enterprise Session Border Controller, versions 7.5, 8.0, 8.1, 8.2, 8.3
  • Oracle Financial Services Analytical Applications Infrastructure, versions 7.3.3-7.3.5, 8.0.0-8.0.8
  • Oracle Financial Services Funds Transfer Pricing, versions 8.0.2-8.0.7
  • Oracle Financial Services Revenue Management and Billing, versions 2.7.0.0, 2.7.0.1, 2.8.0.0
  • Oracle FLEXCUBE Investor Servicing, versions 12.1.0-12.4.0, 14.0.0-14.1.0
  • Oracle FLEXCUBE Universal Banking, versions 12.0.1-12.4.0, 14.0.0-14.3.0
  • Oracle GraalVM Enterprise Edition, version 19.3.0.2
  • Oracle Health Sciences Data Management Workbench, versions 2.4, 2.5
  • Oracle Healthcare Master Person Index, version 3.0
  • Oracle Hospitality Cruise Materials Management, version 7.30.567
  • Oracle Hospitality Guest Access, version 4.2
  • Oracle Hospitality OPERA 5, versions 5.5, 5.6
  • Oracle Hospitality Suites Management, versions 3.7, 3.8
  • Oracle HTTP Server, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0
  • Oracle iLearning, version 6.1
  • Oracle Java SE, versions 7u241, 8u231, 8u241, 11.0.5, 13.0.1
  • Oracle Java SE Embedded, version 8u231
  • Oracle Outside In Technology, version 8.5.4
  • Oracle Real-Time Scheduler, versions 2.3.0.1-2.3.0.3
  • Oracle Reports Developer, versions 12.2.1.3.0, 12.2.1.4.0
  • Oracle Retail Assortment Planning, versions 15.0.3, 16.0.3
  • Oracle Retail Clearance Optimization Engine, versions 13.4, 14.0, 14.0.3, 14.0.5
  • Oracle Retail Customer Management and Segmentation Foundation, versions 16.0, 17.0, 18.0
  • Oracle Retail Markdown Optimization, versions 13.4, 13.4.4
  • Oracle Retail Order Broker, versions 5.2, 15.0, 16.0, 18.0
  • Oracle Retail Predictive Application Server, versions 15.0.3, 16.0.3
  • Oracle Retail Sales Audit, version 15.0.3.16.0.2
  • Oracle Secure Global Desktop, versions 5.4, 5.5
  • Oracle Security Service, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0
  • Oracle Solaris, versions 10, 11
  • Oracle Tuxedo, versions 12.1.1.0.0, 12.1.3.0.0
  • Oracle Utilities Framework, versions 4.2.0.2-4.2.0.3, 4.3.0.1-4.3.0.4
  • Oracle Utilities Mobile Workforce Management, versions 2.3.0.1-2.3.0.3
  • Oracle Utilities Work and Asset Management (v1), version 1.9.1.2
  • Oracle VM Server for SPARC, version 3.6
  • Oracle VM VirtualBox, versions prior to 5.2.36, prior to 6.0.16, prior to 6.1.2
  • Oracle WebCenter Sites, version 12.2.1.3.0
  • Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0
  • PeopleSoft Enterprise CC Common Application Objects, versions 9.1, 9.2
  • PeopleSoft Enterprise HCM Human Resources, version 9.2
  • PeopleSoft Enterprise PeopleTools, versions 8.56, 8.57, 8.58
  • PeopleSoft PeopleTools, versions 8.56, 8.57
  • Primavera Gateway, versions 15.2.18, 16.2.11, 17.12.6, 18.8.8.1
  • Primavera P6 Enterprise Project Portfolio Management, versions 15.1.0.0-15.2.18.7, 16.1.0.0-16.2.19.0, 17.1.0.0-17.12.16.0, 18.1.0.0-18.8.16.0, 19.12.0.0, 20.1.0.0
  • Primavera Unifier, versions 16.1, 16.2, 17.7-17.12, 18.8, 19.12
  • Siebel Applications, versions 19.10 and prior
  • Sun ZFS Storage Appliance Kit, version 8.8.6
  • Tape Library ACSLS, versions 8.5, 8.5.1

Threats:

A remote attacker can exploit the vulnerabilities to carry out the following:

  • Privilege escalation to increase their ability to modify the system
  • Denial-of-service (DoS) attack
  • Unauthorized access to data

Preventive measures:

The Center recommends updating the affected versions. Oracle has published details of the required updates:

https://www.oracle.com/security-alerts/cpujan2020.html#AppendixHYP

Last updated on 15 January 2020
