Security Warnings

Classification
These posts contain security warnings, including digital loopholes, electronic attacks, and technical updates, and they are classified based on the level of severity.

Critical

High

Medium

Low

Oracle Updates

Warning Date: 22 July, 2021

Severity Level: Critical

Warning Number: 2021-3239

Target Sector: All

Description:

Oracle has released security updates to address 342 vulnerabilities in the following products:

  • Big Data Spatial and Graph
    • prior to 2.0
    • prior to 23.1
  • Enterprise Manager Base Platform
    • 13.4.0.0
  • Essbase
    • 21.2
  • Essbase Analytic Provider Services
    • 11.1.2.4
    • 21.2
  • Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers
    • prior to XCP2400
    • prior to XCP3100
  • Hyperion Essbase Administration Services
    • 11.1.2.4
    • 21.2
  • Hyperion Financial Reporting
    • 11.1.2.4
    • 11.2.5.0
  • Hyperion Infrastructure Technology
    • 11.1.2.4
    • 11.2.5.0
  • Identity Manager
    • 11.1.2.2.0
    • 11.1.2.3.0
    • 12.2.1.3.0
    • 12.2.1.4.0
  • Instantis EnterpriseTrack
    • 17.1
    • 17.2
    • 17.3
  • JD Edwards EnterpriseOne Orchestrator
    • 9.2.5.3 and prior
  • JD Edwards EnterpriseOne Tools
    • 9.2.5.3 and prior
  • MICROS Compact Workstation 3
    • 310
  • MICROS ES400 Series
    • 400
    • 410
  • MICROS Kitchen Display System Hardware
    • 210
  • MICROS Workstation 5A
    • 5A
  • MICROS Workstation 6
    • 610
    • 655
  • MySQL Cluster
    • 8.0.25 and prior
  • MySQL Connectors
    • 8.0.23 and prior
  • MySQL Enterprise Monitor
    • 8.0.23 and prior
  • MySQL Server
    • 5.7.34 and prior
    • 8.0.25 and prior
  • Oracle Access Manager
    • 11.1.2.3.0
  • Oracle Agile Engineering Data Management
    • 6.2.1.0
  • Oracle Agile PLM
    • 9.3.3
    • 9.3.5
    • 9.3.6
  • Oracle Application Express
    • prior to 21.1.0.0.4
  • Oracle Application Express (CKEditor)
    • prior to 21.1.0.0.1
  • Oracle Application Express Application Builder (DOMPurify)
    • prior to 21.1.0.0.1
  • Oracle Application Testing Suite
    • 13.3.0.1
  • Oracle BAM (Business Activity Monitoring)
    • 11.1.1.9.0
    • 12.2.1.3.0
    • 12.2.1.4.0
  • Oracle Banking Enterprise Default Management
    • 2.10.0
    • 2.12.0
  • Oracle Banking Liquidity Management
    • 14.2
    • 14.3
    • 14.5
  • Oracle Banking Party Management
    • 2.7.0
  • Oracle Banking Platform
    • 2.4.0
    • 2.7.1
    • 2.9.0
    • 2.12.0
  • Oracle Banking Treasury Management
    • 14.4
  • Oracle BI Publisher
    • 5.5.0.0.0
    • 11.1.1.7.0
    • 11.1.1.9.0
    • 12.2.1.3.0
    • 12.2.1.4.0
  • Oracle Business Intelligence Enterprise Edition
    • 12.2.1.4.0
  • Oracle Coherence
    • 3.7.1.0
    • 12.1.3.0.0
    • 12.2.1.3.0
    • 12.2.1.4.0
    • 14.1.1.0.0
  • Oracle Commerce Guided Search
    • 11.3.2
  • Oracle Commerce Guided Search / Oracle Commerce Experience Manager
    • 11.3.1.5
    • 11.3.2
  • Oracle Commerce Merchandising
    • 11.1.0
    • 11.2.0
    • 11.3.0-11.3.2
  • Oracle Commerce Platform
    • 11.0.0
    • 11.1.0
    • 11.2.0
    • 11.3.0-11.3.2
  • Oracle Commerce Service Center
    • 11.0.0
    • 11.1.0
    • 11.2.0
    • 11.3.0-11.3.2
  • Oracle Communications Application Session Controller
    • 3.9
  • Oracle Communications Billing and Revenue Management
    • 7.5.0.23.0
    • 12.0.0.3.0
  • Oracle Communications BRM - Elastic Charging Engine
    • 11.3.0.9.0
    • 12.0.0.3.0
  • Oracle Communications Cloud Native Core Console
    • 1.4.0
  • Oracle Communications Cloud Native Core Network Function Cloud Native Environment
    • 1.4.0
    • 1.7.0
  • Oracle Communications Cloud Native Core Network Slice Selection Function
    • 1.2.1
  • Oracle Communications Cloud Native Core Policy
    • 1.5.0
    • 1.9.0
  • Oracle
    • 1.7.0
  • Oracle Communications Cloud Native Core Service Communication Proxy
    • 1.5.2
  • Oracle Communications Cloud Native Core Unified Data Repository
    • 1.4.0
    • 1.6.0
  • Oracle Communications Convergent Charging Controller
    • 12.0.4.0.0
  • Oracle Communications Design Studio
    • 7.4.2
  • Oracle Communications Diameter Signaling Router (DSR)
    • 8.0.0-8.5.0
  • Oracle Communications EAGLE Software
    • 46.6.0-46.8.2
  • Oracle Communications Evolved Communications Application Server
    • 7.1
  • Oracle Communications Instant Messaging Server
    • 10.0.1.4.0
  • Oracle Communications Network Charging and Control
    • 6.0.1.0
    • 12.0.1.0-12.0.4.0
    • 12.0.4.0.0
  • Oracle Communications Offline Mediation Controller
    • 12.0.0.3.0
  • Oracle Communications Pricing Design Center
    • 12.0.0.3.0
  • Oracle Communications Services Gatekeeper
    • 7.0, 8.2
  • Oracle Communications Unified Inventory Management
    • 7.3.2
    • 7.3.4
    • 7.3.5
    • 7.4.0
    • 7.4.1
  • Oracle Configuration Manager
    • 12.1.2.0.8
  • Oracle Data Integrator
    • 12.2.1.3.0
    • 12.2.1.4.0
  • Oracle Database Server
    • 12.1.0.2
    • 12.2.0.1
    • 19c
  • Oracle E-Business Suite
    • 12.1.1-12.1.3
    • 12.2.3-12.2.10
  • Oracle Enterprise Data Quality
    • 12.2.1.3.0
    • 12.2.1.4.0
  • Oracle Enterprise Repository
    • 11.1.1.7.0
  • Oracle Financial Services Analytical Applications Infrastructure
    • 8.0.6-8.0.9
    • 8.1.0
    • 8.1.1
  • Oracle Financial Services Crime and Compliance Investigation Hub
    • 20.1.2
  • Oracle Financial Services Regulatory Reporting with AgileREPORTER
    • 8.0.9.6.3
  • Oracle Financial Services Revenue Management and Billing Analytics
    • 2.7.0
    • 2.8.0
  • Oracle FLEXCUBE Private Banking
    • 12.0.0
    • 12.1.0
  • Oracle FLEXCUBE Universal Banking
    • 12.0-12.4
    • 14.0-14.4.0
  • Oracle MapViewer
    • 12.2.1.4.0
  • Oracle GoldenGate Application Adapters
    • 19.1.0.0.0
  • Oracle GraalVM Enterprise Edition
    • 20.3.2
    • 21.1.0
  • Oracle Hospitality Reporting and Analytics
    • 9.1.0
  • Oracle Hospitality Suite8
    • 8.13
    • 8.14
  • Oracle Hyperion BI+
    • 11.1.2.4
    • 11.2.5.0
  • Oracle Insurance Policy Administration
    • 11.0.2
    • 11.1.0-11.3.0
  • Oracle Insurance Policy Administration J2EE
    • 11.0.2
  • Oracle Insurance Rules Palette
    • 11.0.2
    • 11.1.0-11.3.0
  • Oracle Java SE
    • 7u301
    • 8u291
    • 11.0.11
    • 16.0.1
  • Oracle JDeveloper
    • 12.2.1.3.0
    • 12.2.1.4.0
  • Oracle JDeveloper and ADF
    • 12.2.1.4.0
  • Oracle Managed File Transfer
    • 12.2.1.3.0
    • 12.2.1.4.0
  • Oracle Outside In Technology
    • 8.5.5
  • Oracle Policy Automation
    • 12.2.0-12.2.22
  • Oracle Retail Back Office
    • 14.1
  • Oracle Retail Central Office
    • 14.1
  • Oracle Retail Customer Engagement
    • 16.0-19.0
  • Oracle Retail Customer Management and Segmentation Foundation
    • 16.0-19.0
  • Oracle Retail Financial Integration
    • 14.1.3.2
    • 15.0.3.1
    • 16.0.3.0
  • Oracle Retail Integration Bus
    • 14.1.3.2
    • 15.0.3.1
    • 16.0.3.0
  • Oracle Retail Merchandising System
    • 14.1.3.2
    • 15.0.3.1
    • 16.0.3
  • Oracle Retail Order Broker
    • 15.0
    • 16.0
  • Oracle Retail Order Management System Cloud Service
    • 19.5
  • Oracle Retail Point-of-Service
    • 14.1
  • Oracle Retail Price Management
    • 14.0
    • 14.1
    • 15.0
    • 16.0
  • Oracle Retail Returns Management
    • 14.1
  • Oracle Retail Service Backbone
    • 14.1.3.2
    • 15.0.3.1
    • 16.0.3.0
  • Oracle Retail Xstore Point of Service
    • 16.0.6
    • 17.0.4
    • 18.0.3
    • 19.0.2
    • 20.0.1
  • Oracle SD-WAN Aware
    • 8.2
    • 9.0
  • Oracle SD-WAN Edge
    • 8.2
    • 9.0
    • 9.1
  • Oracle Secure Global Desktop
    • 5.6
  • Oracle Solaris
    • 11
  • Oracle Solaris Cluster
    • 4.4
  • Oracle Transportation Management
    • 6.4.3
  • Oracle VM VirtualBox
    • prior to 6.1.24
  • Oracle WebCenter Portal
    • 11.1.1.9.0
    • 12.2.1.3.0
    • 12.2.1.4.0
  • Oracle WebLogic Server
    • 10.3.6.0.0
    • 12.1.3.0.0
    • 12.2.1.3.0
    • 12.2.1.4.0
    • 14.1.1.0.0
  • Oracle ZFS Storage Appliance Kit
    • 8.8
  • OSS Support Tools
    • prior to 2.12.41
  • PeopleSoft Enterprise CS Campus Community
    • 9.0
    • 9.2
  • PeopleSoft Enterprise HCM Candidate Gateway
    • 9.2
  • PeopleSoft Enterprise HCM Shared Components
    • 9.2
  • PeopleSoft Enterprise PeopleTools
    • 8.57
    • 8.58
    • 8.58.8.59
    • 8.59
  • PeopleSoft Enterprise PT PeopleTools
    • 8.57
    • 8.58
    • 8.59
  • Primavera Gateway
    • 17.12.0-17.12.11
    • 18.8.0-18.8.11
    • 19.12.0-19.12.10
    • 20.12.0
  • Primavera P6 Enterprise Project Portfolio Management
    • 17.12.0-17.12.20
    • 18.8.0-18.8.23
    • 19.12.0-19.12.14
    • 20.12.0-20.12.3
  • Primavera Unifier
    • 17.7-17.12
    • 18.8
    • 19.12
    • 20.12
  • Real-Time Decisions (RTD) Solutions
    • 3.2.0.0
  • Siebel Applications
    • 21.5 and prior
  • StorageTek Tape Analytics SW Tool
    • 2.3

Threats:

An attacker could exploit these vulnerabilities by executing arbitrary code.

Best practice and Recommendations:

The CERT team encourages users to review the Oracle security advisory and apply the necessary updates:

Last updated on 22 July, 2021