
Oracle Updates

Classification
These posts contain security alerts, including digital loopholes, electronic attacks, and technical updates, and they are classified based on the level of severity.

Critical

High

Medium

Low

Warning Date: 15 January, 2020

Severity Level: Critical

Warning Number: 2020-795

Target Sector: All

Description:

Oracle has released security updates to address multiple vulnerabilities in the following products:

  • Enterprise Manager Base Platform, versions 12.1.0.5, 13.2.0.0, 13.3.0.0
  • Enterprise Manager for Fusion Middleware, versions 13.2.0.0, 13.3.0.0
  • Enterprise Manager for Oracle Database, versions 12.1.0.5, 13.2.0.0, 13.3.0.0
  • Enterprise Manager Ops Center, versions 12.3.3, 12.4.0
  • Hyperion Financial Close Management, version 11.1.2.4
  • Hyperion Planning, version 11.1.2.4
  • Identity Manager, versions 11.1.2.3.0, 12.2.1.3.0
  • Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3
  • JD Edwards EnterpriseOne Orchestrator, version 9.2
  • JD Edwards EnterpriseOne Tools, version 9.2
  • MySQL Client, versions 5.6.46 and prior, 5.7.28 and prior, 8.0.18 and prior
  • MySQL Cluster, versions 7.3.27 and prior, 7.4.25 and prior, 7.5.15 and prior, 7.6.12 and prior
  • MySQL Connectors, versions 5.3.13 and prior, 8.0.18 and prior
  • MySQL Enterprise Backup, versions 3.12.4 and prior, 4.1.3 and prior
  • MySQL Server, versions 5.6.46 and prior, 5.7.28 and prior, 8.0.18 and prior
  • MySQL Workbench, versions 8.0.18 and prior
  • Oracle Agile Engineering Data Management, versions 6.2.0, 6.2.1
  • Oracle Agile PLM, versions 9.3.3, 9.3.4, 9.3.5, 9.3.6
  • Oracle Agile PLM Framework, version 9.3.3
  • Oracle Agile PLM MCAD Connector, versions 3.4, 3.5, 3.6
  • Oracle Application Testing Suite, versions 12.5.0.3, 13.1.0.1, 13.2.0.1, 13.3.0.1
  • Oracle AutoVue, version 12.0.2
  • Oracle Banking Corporate Lending, versions 12.3.0-12.4.0, 14.0.0-14.3.0
  • Oracle Banking Payments, versions 14.1.0-14.3.0
  • Oracle Big Data Discovery, version 1.6
  • Oracle Business Intelligence Enterprise Edition, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
  • Oracle Clinical, version 5.2
  • Oracle Coherence, versions 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0
  • Oracle Communications Design Studio, versions 7.3.4.3.0, 7.3.5.5.0, 7.4.0.4.0, 7.4.1.1.0
  • Oracle Communications Diameter Signaling Router (DSR), versions 8.0, 8.1, 8.2, 8.3, 8.4
  • Oracle Communications Instant Messaging Server, version 10.0.1.3.0
  • Oracle Communications Interactive Session Recorder, versions 6.0, 6.1, 6.2, 6.3
  • Oracle Communications IP Service Activator, versions 7.3.4, 7.4.0
  • Oracle Communications Session Border Controller, versions 7.4, 8.0, 8.1, 8.2, 8.3
  • Oracle Communications Session Router, versions 7.4, 8.0, 8.1, 8.2, 8.3
  • Oracle Communications Subscriber-Aware Load Balancer, versions 7.3, 8.1, 8.3
  • Oracle Communications Unified Inventory Management, versions 7.3, 7.4
  • Oracle Communications Unified Session Manager, versions 7.3.5, 8.2.5
  • Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.1.0.11, 12.2.0.1, 18c, 19c, 29, 212.2.0.1
  • Oracle Demantra Demand Management, versions 12.2.4, 12.2.4.1, 12.2.5, 12.2.5.1
  • Oracle E-Business Suite, versions 12.1.1-12.1.3, 12.2.3-12.2.9
  • Oracle Endeca Information Discovery Integrator, version 3.2.0
  • Oracle Endeca Information Discovery Studio, version 3.2.0
  • Oracle Enterprise Communications Broker, versions PCz3.0, PCz3.1, PCz3.2
  • Oracle Enterprise Repository, version 12.1.3.0.0
  • Oracle Enterprise Session Border Controller, versions 7.5, 8.0, 8.1, 8.2, 8.3
  • Oracle Financial Services Analytical Applications Infrastructure, versions 7.3.3-7.3.5, 8.0.0-8.0.8
  • Oracle Financial Services Funds Transfer Pricing, versions 8.0.2-8.0.7
  • Oracle Financial Services Revenue Management and Billing, versions 2.7.0.0, 2.7.0.1, 2.8.0.0
  • Oracle FLEXCUBE Investor Servicing, versions 12.1.0-12.4.0, 14.0.0-14.1.0
  • Oracle FLEXCUBE Universal Banking, versions 12.0.1-12.4.0, 14.0.0-14.3.0
  • Oracle GraalVM Enterprise Edition, version 19.3.0.2
  • Oracle Health Sciences Data Management Workbench, versions 2.4, 2.5
  • Oracle Healthcare Master Person Index, version 3.0
  • Oracle Hospitality Cruise Materials Management, version 7.30.567
  • Oracle Hospitality Guest Access, version 4.2
  • Oracle Hospitality OPERA 5, versions 5.5, 5.6
  • Oracle Hospitality Suites Management, versions 3.7, 3.8
  • Oracle HTTP Server, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0
  • Oracle iLearning, version 6.1
  • Oracle Java SE, versions 7u241, 8u231, 8u241, 11.0.5, 13.0.1
  • Oracle Java SE Embedded, version 8u231
  • Oracle Outside In Technology, version 8.5.4
  • Oracle Real-Time Scheduler, versions 2.3.0.1-2.3.0.3
  • Oracle Reports Developer, versions 12.2.1.3.0, 12.2.1.4.0
  • Oracle Retail Assortment Planning, versions 15.0.3, 16.0.3
  • Oracle Retail Clearance Optimization Engine, versions 13.4, 14.0, 14.0.3, 14.0.5
  • Oracle Retail Customer Management and Segmentation Foundation, versions 16.0, 17.0, 18.0
  • Oracle Retail Markdown Optimization, versions 13.4, 13.4.4
  • Oracle Retail Order Broker, versions 5.2, 15.0, 16.0, 18.0
  • Oracle Retail Predictive Application Server, versions 15.0.3, 16.0.3
  • Oracle Retail Sales Audit, version 15.0.3.16.0.2
  • Oracle Secure Global Desktop, versions 5.4, 5.5
  • Oracle Security Service, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0
  • Oracle Solaris, versions 10, 11
  • Oracle Tuxedo, versions 12.1.1.0.0, 12.1.3.0.0
  • Oracle Utilities Framework, versions 4.2.0.2-4.2.0.3, 4.3.0.1-4.3.0.4
  • Oracle Utilities Mobile Workforce Management, versions 2.3.0.1-2.3.0.3
  • Oracle Utilities Work and Asset Management (v1), version 1.9.1.2
  • Oracle VM Server for SPARC, version 3.6
  • Oracle VM VirtualBox, versions prior to 5.2.36, prior to 6.0.16, prior to 6.1.2
  • Oracle WebCenter Sites, version 12.2.1.3.0
  • Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0
  • PeopleSoft Enterprise CC Common Application Objects, versions 9.1, 9.2
  • PeopleSoft Enterprise HCM Human Resources, version 9.2
  • PeopleSoft Enterprise PeopleTools, versions 8.56, 8.57, 8.58
  • PeopleSoft PeopleTools, versions 8.56, 8.57
  • Primavera Gateway, versions 15.2.18, 16.2.11, 17.12.6, 18.8.8.1
  • Primavera P6 Enterprise Project Portfolio Management, versions 15.1.0.0-15.2.18.7, 16.1.0.0-16.2.19.0, 17.1.0.0-17.12.16.0, 18.1.0.0-18.8.16.0, 19.12.0.0, 20.1.0.0
  • Primavera Unifier, versions 16.1, 16.2, 17.7-17.12, 18.8, 19.12
  • Siebel Applications, versions 19.10 and prior
  • Sun ZFS Storage Appliance Kit, version 8.8.6
  • Tape Library ACSLS, versions 8.5, 8.5.1

Threats:

An attacker could exploit these vulnerabilities to achieve the following:

  • Escalation of privilege
  • Denial of service attack (DoS)
  • Unauthorized access to data

Best practice and Recommendations:

The CERT team encourages users to update the affected versions according to the link below:

https://www.oracle.com/security-alerts/cpujan2020.html#AppendixHYP

Last updated at 15 January, 2020
