Oracle Updates
Warning Date: 15 July, 2020
Severity Level: Critical
Warning Number: 2020-1498
Target Sector: All
Description:
Oracle has released security updates to address 433 vulnerabilities in the following products:
- Category Management Planning & Optimization
  - 15.0.3
- Customer Management and Segmentation Foundation
  - 16.0
  - 17.0
  - 18.0
- Enterprise Manager Base Platform
  - 12.1.0.5
  - 13.3.0.0
  - 13.4.0.0
- Enterprise Manager for Fusion Middleware
  - 12.1.0.5
- Enterprise Manager Ops Center
  - 12.4.0.0r
- GoldenGate Stream Analytics
  - Versions prior to 19.1.0.0.1
- Hyperion Financial Close Management
  - 11.1.2.4
- Instantis EnterpriseTrack
  - 17.1-17.3
- JD Edwards EnterpriseOne Orchestrator
  - Versions prior to 9.2.4.2
- JD Edwards EnterpriseOne Tools
  - Versions prior to 9.2.3.3
  - Versions prior to 9.2.4.2
- MySQL Client
  - Versions prior to 5.6.48
  - Versions prior to 5.7.30
  - Versions prior to 8.0.20
- MySQL Cluster
  - Versions prior to 7.3.29
  - Versions prior to 7.4.28
  - Versions prior to 7.5.18
  - Versions prior to 7.6.14
  - Versions prior to 8.0.20
- MySQL Connectors
  - Versions prior to 8.0.20
- MySQL Enterprise Monitor
  - Versions prior to 4.0.12
  - Versions prior to 8.0.20
- MySQL Server
  - Versions prior to 5.6.48
  - Versions prior to 5.7.30
  - Versions prior to 8.0.20
- Oracle Agile Engineering Data Management
  - 6.2.1.0
- Oracle Application Express
  - 5.1-19.2
- Oracle Application Testing Suite
  - 13.2.0.1
  - 13.3.0.1
- Oracle AutoVue
  - 21.0
- Oracle Banking Enterprise Collections
  - 2.7.0-2.9.0
- Oracle Banking Payments
  - 14.1.0-14.4.0
- Oracle Banking Platform
  - 2.4.0-2.10.0
- Oracle Berkeley DB
  - Versions prior to 6.1.38
  - Versions prior to 18.1.40
- Oracle BI Publisher
  - 11.1.1.9.0
  - 12.2.1.3.0
  - 12.2.1.4.0
- Oracle Business Intelligence Enterprise Edition
  - 5.5.0.0.0
  - 11.1.1.9.0
  - 12.2.1.3.0
  - 12.2.1.4.0
- Oracle Business Process Management Suite
  - 12.2.1.3.0
  - 12.2.1.4.0
- Oracle Coherence
  - 3.7.1.0
  - 12.1.3.0.0
  - 12.2.1.3.0
  - 12.2.1.4.0
  - 14.1.1.0.0
- Oracle Commerce Guided Search / Oracle Commerce Experience Manager
  - 11.0
  - 11.1
  - 11.2
  - Versions prior to 11.3.1
- Oracle Commerce Platform
  - 11.1
  - 11.2
  - Versions prior to 11.3.1
- Oracle Commerce Service Center
  - 11.1
  - 11.2
  - Versions prior to 11.3.1
- Oracle Communications Analytics
  - 12.1.1
- Oracle Communications Billing and Revenue Management
  - 7.5.0.23.0
  - 12.0.0.3.0
- Oracle Communications BRM - Elastic Charging Engine
  - 11.3
  - 12.0
- Oracle Communications Contacts Server
  - 8.0.0.4.0
- Oracle Communications Convergence
  - 3.0.1.0-3.0.2.1
- Oracle Communications Diameter Signaling Router (DSR)
  - 8.0-8.4
- Oracle Communications Element Manager
  - 8.1.1
  - 8.2.0
  - 8.2.1
- Oracle Communications Evolved Communications Application Server
  - 7.1
- Oracle Communications Instant Messaging Server
  - 10.0.1.4.0
- Oracle Communications Interactive Session Recorder
  - 6.1-6.4
- Oracle Communications IP Service Activator
  - 7.3.0
  - 7.4.0
- Oracle Communications LSMS
  - 13.0-13.3
- Oracle Communications Messaging Server
  - 8.0.2
  - 8.1.0
- Oracle Communications MetaSolv Solution
  - 6.3.0
- Oracle Communications Network Charging and Control
  - 6.0.1
  - 12.0.0-12.0.3
- Oracle Communications Network Integrity
  - 7.3.2-7.3.6
- Oracle Communications Operations Monitor
  - 3.4
  - 4.1-4.3
- Oracle Communications Order and Service Management
  - 7.3
  - 7.4
- Oracle Communications Services Gatekeeper
  - 6.0
  - 6.1
  - 7.0
- Oracle Communications Session Border Controller
  - 8.1.0
  - 8.2.0
  - 8.3.0
- Oracle Communications Session Report Manager
  - 8.1.1
  - 8.2.0
  - 8.2.1
- Oracle Communications Session Route Manager
  - 8.1.1
  - 8.2.0
  - 8.2.1
  - 12.1.2.0.6
- Oracle Configurator
  - 12.1
  - 12.2
- Oracle Data Masking and Subsetting
  - 13.3.0.0
  - 13.4.0.0
- Oracle Database Server
  - 11.2.0.4
  - 12.1.0.2
  - 12.2.0.1
  - 18c
  - 19c
  - Versions prior to [Spatial Studio] 19.2.1
- Oracle E-Business Suite
  - 12.1.1-12.1.3
  - 12.2.3-12.2.9
- Oracle Endeca Information Discovery Studio
  - 3.2.0
- Oracle Enterprise Communications Broker
  - 3.0.0-3.2.0
- Oracle Enterprise Repository
  - 11.1.1.7.0
- Oracle Enterprise Session Border Controller
  - 8.1.0
  - 8.2.0
  - 8.3.0
- Oracle Financial Services Analytical Applications Infrastructure
  - 8.0.6-8.1.0
- Oracle Financial Services Compliance Regulatory Reporting
  - 8.0.6-8.0.8
- Oracle Financial Services Lending and Leasing
  - 12.5.0
  - 14.1.0-14.8.0
- Oracle Financial Services Liquidity Risk Management
  - 8.0.6
- Oracle Financial Services Loan Loss Forecasting and Provisioning
  - 8.0.6-8.0.8
- Oracle Financial Services Market Risk Measurement and Management
  - 8.0.6
  - 8.0.8
- Oracle Financial Services Regulatory Reporting for De Nederlandsche Bank
  - 8.0.4
- Oracle FLEXCUBE Investor Servicing
  - 12.1.0
  - 12.3.0
  - 12.4.0
  - 14.0.0
  - 14.1.0
- Oracle FLEXCUBE Private Banking
  - 12.0.0
  - 12.1.0
- Oracle Fusion Middleware MapViewer
  - 12.2.1.3.0
  - 12.2.1.4.0
- Oracle Global Lifecycle Management/OPatch
  - Versions prior to 12.2.0.1.20
- Oracle GoldenGate
  - Versions prior to 19.1.0.0.0
- Oracle GraalVM Enterprise Edition
  - 19.3.2
  - 20.1.0
- Oracle Health Sciences Empirica Inspections
  - 1.0.1.2
- Oracle Health Sciences Empirica Signal
  - 7.3.3
- Oracle Healthcare Master Person Index
  - 4.0.2
- Oracle Healthcare Translational Research
  - 3.2.1
  - 3.3.1
  - 3.3.2
  - 3.4.0
- Oracle Help Technologies
  - 11.1.1.9.0
  - 12.2.1.3.0
- Oracle Hospitality Guest Access
  - 4.2.0
  - 4.2.1
- Oracle Hospitality Reporting and Analytics
  - 9.1.0
- Oracle Hyperion BI+
  - 11.1.2.4
- Oracle iLearning
  - 6.1
  - 6.1.1
- Oracle Insurance Accounting Analyzer
  - 8.0.6-8.0.9
- Oracle Insurance Data Gateway
  - 1.0
- Oracle Insurance Policy Administration J2EE
  - 10.2.0
  - 10.2.4
  - 11.0.2
  - 11.1.0
  - 11.2.0
- Oracle Insurance Rules Palette
  - 10.2.0
  - 10.2.4
  - 11.0.2
  - 11.1.0
  - 11.2.0
- Oracle Java SE
  - 7u261
  - 8u251
  - 11.0.7
  - 14.0.1
- Oracle Java SE Embedded
  - 8u251
- Oracle Outside In Technology
  - 8.5.4
  - 8.5.5
- Oracle Rapid Planning
  - 12.1
  - 12.2
- Oracle Real User Experience Insight
  - 13.3.1.9
- Oracle Retail Assortment Planning
  - 15.0
  - 15.0.3
  - 16.0
  - 16.0.3
- Oracle Retail Bulk Data Integration
  - 15.0
  - 16.0
- Oracle Retail Customer Management and Segmentation Foundation
  - 18.0
- Oracle Retail Data Extractor for Merchandising
  - 1.9
  - 1.10
  - 18.0
- Oracle Retail Extract Transform and Load
  - 19.0
- Oracle Retail Financial Integration
  - 15.0
  - 16.0
- Oracle Retail Fusion Platform
  - 5.5
- Oracle Retail Integration Bus
  - 15.0
  - 15.0.3
  - 16.0
  - 16.0.3
- Oracle Retail Invoice Matching
  - 16.0
- Oracle Retail Item Planning
  - 15.0.3
- Oracle Retail Macro Space Optimization
  - 15.0.3
- Oracle Retail Merchandise Financial Planning
  - 15.0.3
- Oracle Retail Merchandising System
  - 15.0.3
  - 16.0.2
  - 16.0.3
- Oracle Retail Order Broker
  - 15.0
- Oracle Retail Predictive Application Server
  - 14.0.3
  - 14.1.3
  - 15.0.3
  - 16.0.3
- Oracle Retail Regular Price Optimization
  - 15.0.3
  - 16.0.3
- Oracle Retail Replenishment Optimization
  - 15.0.3
- Oracle Retail Sales Audit
  - 14.1
- Oracle Retail Service Backbone
  - 14.1
  - 15.0
  - 16.0
- Oracle Retail Size Profile Optimization
  - 15.0.3
- Oracle Retail Store Inventory Management
  - 14.0.4
  - 14.1.3
  - 15.0.3
  - 16.0.3
- Oracle Retail Xstore Point of Service
  - 7.1
  - 15.0
  - 16.0
  - 17.0
  - 18.0
  - 19.0
- Oracle SD-WAN Aware
  - 8.2
- Oracle SD-WAN Edge
  - 8.2
  - 9.0
- Oracle Security Service
  - 11.1.1.9.0
  - 12.2.1.3.0
  - 12.2.1.4.0
- Oracle Solaris
  - 11
- Oracle TimesTen In-Memory Database
  - Versions prior to 18.1.2.1.0
- Oracle Transportation Management
  - 6.3.7
  - 6.4.3
- Oracle Unified Directory
  - 11.1.2.3.0
  - 12.2.1.3.0
  - 12.2.1.4.0
- Oracle Utilities Framework
  - 4.3.0.5.0
  - 4.3.0.6.0
  - 4.4.0.0.0
  - 4.4.0.2.0
- Oracle VM VirtualBox
  - Versions prior to 5.2.44
  - Versions prior to 6.0.24
  - Versions prior to 6.1.12
- Oracle WebCenter Portal
  - 11.1.1.9.0
  - 12.2.1.3.0
  - 12.2.1.4.0
- Oracle WebCenter Sites
  - 12.2.1.3.0
  - 12.2.1.4.0
- Oracle WebLogic Server
  - 10.3.6.0.0
  - 12.1.3.0.0
  - 12.2.1.3.0
  - 12.2.1.4.0
  - 14.1.1.0.0
- Oracle ZFS Storage Appliance Kit
  - 8.8
- PeopleSoft Enterprise FIN Expenses
  - 9.2
- PeopleSoft Enterprise HCM Global Payroll Switzerland
  - 9.2
- PeopleSoft Enterprise HRMS
  - 9.2
- PeopleSoft Enterprise PeopleTools
  - 8.56, 8.57, 8.58
- Primavera Gateway
  - 16.2.0-16.2.11
  - 17.12.0-17.12.7
  - 18.8.0-18.8.9
  - 19.12.0-19.12.4
- Primavera P6 Enterprise Project Portfolio Management
  - 16.1.0.0-16.2.20.1
  - 17.1.0.0-17.12.17.1
  - 18.1.0.0-18.8.19
  - 19.12.0-19.12.6
- Primavera Portfolio Management
  - 16.1.0.0-16.1.5.1
  - 18.0.0.0-18.0.2.0
  - 19.0.0.0
- Primavera Unifier
  - 16.1
  - 16.2
  - 17.7-17.12
  - 18.8
  - 19.12
  - Versions prior to 20.6 (Mobile App)
- Siebel Applications
  - Versions prior to 2.20.5
  - Versions prior to 20.6
Threats:
An attacker could exploit these vulnerabilities to achieve the following:
- Denial of Service (DoS).
- Unauthorized update, insert, read or delete access to some programs.
- Take control of some programs.
- Execute arbitrary code remotely.
Best practice and Recommendations:
The CERT team encourages users to review the Oracle security advisory and apply the necessary updates.