The official site for Saudi CERT
Oracle Alert
15260
Warning Date
Severity Level
Warning Number
Target Sector
19 October, 2022
● Critical
2022-5342
All
Oracle has released security updates to address multiple vulnerabilities in the following products:
- Application Management Pack for Oracle E-Business Suite
- 13.4.1.0.0
- Big Data Spatial and Graph
- Enterprise Manager Base Platform
- 13.4.0.0, 13.5.0.0
- Enterprise Manager for Virtualization
- 13.4.0.0, 13.5.0.0
- Enterprise Manager Ops Center
- 12.4.0.0
- JD Edwards EnterpriseOne Orchestrator
- 9.2.6.4 and prior
- JD Edwards EnterpriseOne Tools
- 9.2.6.4 and prior
- MySQL Connectors
- 8.0.30 and prior
- MySQL Enterprise Backup
- 4.1.4 and prior
- MySQL Enterprise Monitor
- 8.0.31 and prior
- MySQL Installer
- 1.6.3 and prior
- MySQL Server
- 5.7.39 and prior
- 8.0.30 and prior
- MySQL Shell
- 8.0.30 and prior
- MySQL Workbench
- 8.0.30 and prior
- Oracle Access Manager
- 12.2.1.3.0, 12.2.1.4.0
- Oracle Agile Engineering Data Management
- 6.2.1.0
- Oracle Agile PLM
- 9.3.6
- Oracle Airlines Data Model
- Oracle Application Express
- Oracle AutoVue
- 21.0.2
- Oracle Autovue for Agile Product Lifecycle Management
- 21.0.2
- Oracle Banking Enterprise Default Management
- 2.12.0
- Oracle Banking Loans Servicing
- 2.8.0, 2.12.0
- Oracle Banking Party Management
- 2.7.0
- Oracle Banking Platform
- 2.7.1, 2.9.0, 2.12.0
- Oracle BI Publisher
- 5.9.0.0, 6.4.0.0.0, 12.2.1.3.0, 12.2.1.4.0
- Oracle Business Activity Monitoring(Oracle BAM)
- 12.2.1.3.0, 12.2.1.4.0
- Oracle Business Intelligence Enterprise Edition
- 5.9.0.0, 6.4.0.0
- Oracle Business Process Management Suite
- 12.2.1.3.0, 12.2.1.4.0
- Oracle Coherence
- 12.2.1.4.0, 14.1.1.0.0
- Oracle Commerce Platform
- 11.3.0-11.3.2
- Oracle Communications Billing and Revenue Management
- 12.0.0.4.0-12.0.0.7.0
- Oracle Communications Cloud Native Core Binding Support Function
- 22.3.0
- Oracle Communications Cloud Native Core Console
- 22.2.0
- Oracle Communications Cloud Native Core Network Exposure Function
- 22.2.1, 22.3.0
- Oracle Communications Cloud Native Core Network Function Cloud Native Environment
- 1.9.0, 22.1, 22.1.0, 22.2, 22.2.0, 22.2.1
- Oracle Communications Cloud Native Core Network Repository Function
- 22.2.2
- Oracle Communications Cloud Native Core Policy
- 22.3.0
- Oracle Communications Cloud Native Core Security Edge Protection Proxy
- 22.1.1, 22.2.0, 22.2.1, 22.3.0
- Oracle Communications Cloud Native Core Service Communication Proxy
- 22.2.3, 22.3.1, 22.4.0
- Oracle Communications Cloud Native Core Unified Data Repository
- 22.1.1, 22.2.1, 22.3.0
- Oracle Communications Converged Application Server - Service Controller
- 6.2
- Oracle Communications Convergence
- 3.0.3.0
- Oracle Communications Convergent Charging Controller
- 6.0.1.0.0, 12.0.1.0.0-12.0.5.0.0
- Oracle Communications Data Model
- 12.2.0.1
- Oracle Communications Design Studio
- 7.4.2
- Oracle Communications Diameter Signaling Router
- 8.6.0.0
- Oracle Communications Element Manager
- 9.0
- Oracle Communications Evolved Communications Application Server
- 7.1
- Oracle Communications Instant Messaging Server
- 10.0.1.6.0
- Oracle Communications Interactive Session Recorder
- 6.4
- Oracle Communications Messaging Server
- 8.1
- Oracle Communications MetaSolv Solution
- 6.3.1
- Oracle Communications Network Charging and Control
- 6.0.1.0.0, 12.0.1.0.0-12.0.5.0.0
- Oracle Communications Order and Service Management
- 7.3, 7.4
- Oracle Communications Policy Management
- 12.6.0.0.0
- Oracle Communications Pricing Design Center
- 12.0.0.4.0-12.0.0.7.0
- Oracle Communications Services Gatekeeper
- 7.0.0.0.0
- Oracle Communications Session Border Controller
- 8.4, 9.0, 9.1
- Oracle Communications Session Report Manager
- 9.0
- Oracle Communications Unified Assurance
- prior to 5.5.7.0.0, 6.0.0.0.0
- Oracle Communications User Data Repository
- 12.4.0, 12.6.0, 12.6.1
- Oracle Communications WebRTC Session Controller
- 7.2.0, 7.2.1
- Oracle Data Integrator
- 12.2.1.4.0
- Oracle Database Server
- 19c, 21c
- Oracle Documaker Enterprise Edition
- 12.6-12.7
- Oracle E-Business Suite
- 12.2.3-12.2.11
- Oracle Enterprise Data Quality
- 12.2.1.3.0, 12.2.1.4.0
- Oracle Enterprise Operations Monitor
- 4.4, 5.0
- Oracle Essbase
- 21.3
- Oracle Financial Services Analytical Applications Infrastructure
- 8.0.7.0-8.1.0.0, 8.1.1.0, 8.1.2.0, 8.1.2.1
- Oracle Financial Services Behavior Detection Platform
- 8.0.7.2, 8.0.8.1, 8.1.1.0, 8.1.1.1, 8.1.2.0, 8.1.2.1, 8.1.2.2
- Oracle Financial Services Enterprise Case Management
- 8.0.7.3, 8.0.8.2, 8.1.1.0, 8.1.1.1, 8.1.2.0, 8.1.2.1, 8.1.2.2
- Oracle Financial Services Model Management and Governance,
- 8.0.8.0, 8.1.0.0, 8.1.1.0
- Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
- 8.0.7.0, 8.0.8.0
- Oracle GoldenGate
- 19c
- Oracle GraalVM Enterprise Edition
- 20.3.7, 21.3.3, 22.2.0
- Oracle Healthcare Data Repository
- 8.1.1, 8.1.2, 8.1.3
- Oracle Healthcare Foundation
- 8.1, 8.2
- Oracle Healthcare Master Person Index
- 5.0.0-5.0.3
- Oracle Healthcare Translational Research
- 4.1
- Oracle Hospitality Cruise Fleet Management System
- 9.1.5
- Oracle Hospitality Cruise Shipboard Property Management System,
- 20.2.0, 20.2.2
- Oracle Hospitality Suite8
- 8.10.2, 8.11.0, 8.12.0, 8.13.0, 8.14.0
- Oracle HTTP Server
- 12.2.1.3.0, 12.2.1.4.0
- Oracle Hyperion Infrastructure Technology
- 11.2.9
- Oracle Identity Management Suite
- 12.2.1.3.0, 12.2.1.4.0
- Oracle Insurance Insbridge Rating and Underwriting,
- 5.2.0, 5.4.0-5.6.2
- Oracle Java SE
- 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19
- Oracle MapViewer
- 12.2.1.3.0, 12.2.1.4.0
- Oracle Middleware Common Libraries and Tools
- 12.2.1.3.0, 12.2.1.4.0
- Oracle NoSQL Database
- Oracle Outside In Technology
- 8.5.6
- Oracle Retail Assortment Planning
- 16.0.3
- Oracle Retail Back Office
- 14.1
- Oracle Retail Central Office
- 14.1
- Oracle Retail Customer Insights
- 15.0.2, 15.2, 16.0.2
- Oracle Retail Customer Management and Segmentation Foundation
- 17.0, 18.0, 19.0
- Oracle Retail EFTLink
- 20.0.1, 21.0.0
- Oracle Retail Fiscal Management
- 14.2
- Oracle Retail Merchandising System
- 14.1.3.2, 15.0.3.1, 19.0.1
- Oracle Retail Point Of Service
- 14.1
- Oracle Retail Predictive Application Server
- 14.1.3.47, 15.0.3.116, 16.0.3.260
- Oracle Retail Returns Management
- 14.1
- Oracle Retail Sales Audit
- 19.0.1
- Oracle Retail Service Backbone
- 14.1.3.2, 15.0.3.1, 16.0.3
- Oracle SD-WAN Aware
- 9.0.1.3.0
- Oracle SD-WAN Edge
- 7.0.7, 9.1.1.2.0
- Oracle Secure Backup
- prior to 18.1.0.2.0
- Oracle SOA Suite
- 12.2.1.3.0, 12.2.1.4.0
- Oracle Solaris
- 11
- Oracle Solaris Cluster
- 4
- Oracle SQL Developer
- Oracle TimesTen In-Memory Database
- Oracle Transportation Management
- 6.4.3, 6.5.1
- Oracle Utilities Testing Accelerator
- 6.0.0.1.3, 6.0.0.2.4, 6.0.0.3.3, 7.0.0.0.0
- Oracle VM VirtualBox
- prior to 6.1.40
- Oracle WebCenter Content
- 12.2.1.3.0
- Oracle WebCenter Portal
- 12.2.1.3.0, 12.2.1.4.0
- Oracle WebCenter Sites
- 12.2.1.3.0, 12.2.1.4.0
- Oracle WebLogic Server
- 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
- PeopleSoft Enterprise Common Components
- 9.2
- PeopleSoft Enterprise PeopleTools
- 8.58, 8.59, 8.60
- Primavera Gateway
- 18.8.0-18.8.15, 19.12.0-19.12.14, 20.12.0-20.12.9, 21.12.0-21.12.7
- Primavera Unifier
- 18.8, 19.12, 20.12, 21.12
- Siebel Applications
- 22.8 and prior
An attacker could exploit these vulnerabilities by doing the following:
- Authentication bypass
- Sensitive information disclosure
- Denial of Service (DoS)
- Remote code execution (RCE)
The CERT team encourages users to review Oracle security advisory and apply the necessary updates:
Rate the content
Share the page
