Oracle Updates
Warning Date: 20 October, 2021
Severity Level: ● Critical
Warning Number: 2021-3704
Target Sector: All
Description:
Oracle has released security updates to address multiple vulnerabilities in the following products:
- Enterprise Manager Base Platform
  - 13.4.0.0
  - 13.5.0.0
- Enterprise Manager for Oracle Database
  - 13.4.0.0
- Enterprise Manager Ops Center
  - 12.4.0.0
- Essbase Administration Services
  - prior to 11.1.2.4.46
- Hyperion Financial Management
  - 11.1.2.4
  - 11.2.6.0
- Hyperion Financial Reporting
  - 11.1.2.4
  - 11.2.6.0
- Hyperion Infrastructure Technology
  - 11.2.6.0
- Hyperion Planning
  - 11.1.2.4
  - 11.2.6.0
- Instantis EnterpriseTrack
  - 17.1
  - 17.2
  - 17.3
- JD Edwards EnterpriseOne Orchestrator
  - prior to 9.2.6.0
- JD Edwards EnterpriseOne Tools
  - prior to 9.2.6.0
- JD Edwards World Security
  - A9.4
- MySQL Client
  - 8.0.26 and prior
- MySQL Cluster
  - 7.4.33 and prior
  - 7.5.23 and prior
  - 7.6.19 and prior
  - 8.0.26 and prior
- MySQL Connectors
  - 8.0.26 and prior
- MySQL Enterprise Monitor
  - 8.0.25 and prior
- MySQL Server
  - 5.7.35 and prior
  - 8.0.26 and prior
- MySQL Workbench
  - 8.0.26 and prior
- Oracle Agile PLM
  - 9.3.3
  - 9.3.6
- Oracle Application Express
  - versions prior to 21.1.0
- Oracle Application Testing Suite
  - 13.3.0.1
- Oracle Autovue for Agile Product Lifecycle Management
  - 21.0.2
- Oracle Banking Cash Management
  - 14.2
  - 14.3
  - 14.5
- Oracle Banking Corporate Lending Process Management
  - 14.2
  - 14.3
  - 14.5
- Oracle Banking Credit Facilities Process Management
  - 14.2
  - 14.3
  - 14.5
- Oracle Banking Enterprise Default Management
  - 2.10.0
  - 2.12.0
- Oracle Banking Extensibility Workbench
  - 14.2
  - 14.3
  - 14.5
- Oracle Banking Platform
  - 2.6.2
  - 2.7.1
  - 2.9.0
  - 2.12.0
- Oracle Banking Supply Chain Finance
  - 14.2
  - 14.3
  - 14.5
- Oracle Banking Trade Finance Process Management
  - 14.2
  - 14.3
  - 14.5
- Oracle Banking Virtual Account Management
  - 14.2
  - 14.3
  - 14.5
- Oracle Business Activity Monitoring
  - 11.1.1.9.0
  - 12.2.1.3.0
  - 12.2.1.4.0
- Oracle Business Intelligence Enterprise Edition
  - 5.5.0.0.0
  - 12.2.1.3.0
  - 12.2.1.4.0
- Oracle Commerce Guided Search
  - 11.3.2
- Oracle Commerce Merchandising
  - 11.3.2
- Oracle Communications Application Session Controller
  - 3.9
- Oracle Communications Billing and Revenue Management
  - 7.5.0.0.0
  - 12.0.0.3.0
- Oracle Communications BRM - Elastic Charging Engine
  - 12.0.0.3
- Oracle Communications Calendar Server
  - 8.0.0.6.0
- Oracle Communications Cloud Native Core Network Repository Function
  - 1.14.0
- Oracle Communications Cloud Native Core Policy
  - 1.11.0
- Oracle Communications Control Plane Monitor
  - 3.4
  - 4.2
  - 4.3
  - 4.4
- Oracle Communications Converged Application Server - Service Controller
  - 6.2
- Oracle Communications Design Studio
  - 7.4.2
- Oracle Communications Diameter Signaling Router
  - 8.0.0.0-8.5.0.0
- Oracle Communications EAGLE
- Oracle Communications EAGLE FTP Table Base Retrieval
  - 4.5
- Oracle Communications EAGLE LNP Application Processor
  - 46.7
  - 46.8
  - 46.9
- Oracle Communications Element Manager
  - 8.2.0.0-8.2.4.0
- Oracle Communications Fraud Monitor
  - 3.4-4.4
- Oracle Communications Interactive Session Recorder
  - 6.4
- Oracle Communications LSMS
  - 13.1-13.4
- Oracle Communications Messaging Server
  - 8.1
- Oracle Communications MetaSolv Solution
  - 6.3.1
- Oracle Communications Offline Mediation Controller
  - 12.0.0.3.0
- Oracle Communications Operations Monitor
  - 3.4
  - 4.2
  - 4.3
  - 4.4
- Oracle Communications Policy Management
  - 12.5.0
- Oracle Communications Pricing Design Center
  - 12.0.0.3.0
- Oracle Communications Services Gatekeeper
  - 7.0
- Oracle Communications Session Border Controller
  - 8.4
  - 9.0
- Oracle Communications Session Report Manager
  - 8.0.0.0-8.2.5.0
- Oracle Communications Session Route Manager
  - 8.0.0.0-8.2.5.0
- Oracle Data Integrator
  - 12.2.1.4.0
- Oracle Database Server
  - 12.1.0.2
  - 12.2.0.1
  - 19c
  - 21c
- Oracle Documaker
  - 12.6.0-12.6.4
- Oracle E-Business Suite
  - 12.1.1-12.1.3
  - 12.2.3-12.2.10
- Oracle Enterprise Communications Broker
  - 3.2, 3.3
- Oracle Enterprise Repository
  - 11.1.1.7.0
- Oracle Enterprise Telephony Fraud Monitor
  - 3.4
  - 4.2
  - 4.3
  - 4.4
- Oracle Ethernet Switch ES2-64, Oracle Ethernet Switch ES2-72
  - 2.0.0.14
- Oracle Financial Services Analytical Applications Infrastructure
  - 8.0.6-8.1.1
- Oracle Financial Services Enterprise Case Management
  - 8.0.7.2.0
  - 8.0.8.1.0
- Oracle Financial Services Model Management and Governance
  - 8.0.8.0.0-8.1.0.0.0
- Oracle FLEXCUBE Core Banking
  - 11.7
  - 11.8
  - 11.9
  - 11.10
- Oracle Global Lifecycle Management OPatch
- Oracle GoldenGate
  - prior to 19.1.0.0.0.210420
- Oracle GoldenGate Application Adapters
  - 19.1.0.0.0
- Oracle GraalVM Enterprise Edition
  - 20.3.3
  - 21.2.0
- Oracle Graph Server and Client
  - prior to 21.3.0
- Oracle Health Sciences Central Coding
  - 6.2.0
  - 6.3.0
- Oracle Health Sciences InForm
  - 6.3.0
- Oracle Healthcare Data Repository
  - 7.0.2
  - 8.1.0
- Oracle Healthcare Foundation
  - 7.3
  - 8.0
  - 8.1
- Oracle Hospitality Cruise Shipboard Property Management System
  - 20.1.0
- Oracle HTTP Server
  - 11.1.1.9.0
  - 12.2.1.4.0
- Oracle Insurance Calculation Engine
  - 11.0.0-11.3.1
- Oracle Insurance Policy Administration
  - 11.0.0-11.3.1
- Oracle Java SE
  - 7u311
  - 8u301
  - 11.0.12
  - 17
- Oracle NoSQL Database
- Oracle Outside In Technology
  - 8.5.5
- Oracle Real User Experience Insight
  - 13.4.1.0
  - 13.5.1.0
- Oracle Real-Time Decision Server
  - 3.2.0.0
  - 11.1.1.9.0
- Oracle REST Data Services
  - versions prior to 21.3
- Oracle Retail Advanced Inventory Planning
  - 14.1
  - 15.0
  - 16.0
- Oracle Retail Assortment Planning
  - 16.0
- Oracle Retail Back Office
  - 14.0
  - 14.1
- Oracle Retail Bulk Data Integration
  - 16.0.3
  - 19.0.1
- Oracle Retail Central Office
  - 14.0
  - 14.1
- Oracle Retail Customer Management and Segmentation Foundation
  - 16.0-19.0
- Oracle Retail Extract Transform and Load
  - 13.2.8
- Oracle Retail Financial Integration
  - 14.1.3.2
  - 15.0.4.0
  - 16.0.3.0
- Oracle Retail Integration Bus
  - 14.1.3.2
  - 15.0.4.0
  - 16.0.3.0
  - 19.0.1.0
- Oracle Retail Merchandising System
  - 15.0.3
  - 19.0.1
- Oracle Retail Point-of-Service
  - 14.0
  - 14.1
- Oracle Retail Predictive Application Server
  - 14.1.3
  - 15.0.3
  - 16.0.3
- Oracle Retail Returns Management
  - 14.0
  - 14.1
- Oracle Retail Service Backbone
  - 14.1.3.2
  - 15.0.4.0
  - 16.0.3.0
  - 19.0.1.0
- Oracle Retail Store Inventory Management
  - 14.1
  - 15.0
  - 16.0
- Oracle Secure Backup
  - versions prior to 18.1.0.1.0
- Oracle Secure Global Desktop
  - 5.6
- Oracle Solaris
  - 11
- Oracle Spatial Studio
- Oracle SQL Developer
- Oracle Transportation Management
  - 6.4.3
- Oracle Utilities Framework
  - 4.2.0.2.0
  - 4.2.0.3.0
  - 4.3.0.1.0-4.3.0.6.0
  - 4.4.0.0.0
  - 4.4.0.2.0
  - 4.4.0.3.0
- Oracle VM VirtualBox
  - versions prior to 6.1.28
- Oracle WebCenter Portal
  - 12.2.1.3.0
  - 12.2.1.4.0
- Oracle WebCenter Sites
  - 12.2.1.3.0
  - 12.2.1.4.0
- Oracle WebLogic Server
  - 10.3.6.0.0
  - 12.1.3.0.0
  - 12.2.1.3.0
  - 12.2.1.4.0
  - 14.1.1.0.0
- Oracle WebLogic Server Proxy Plug-In
  - 12.2.1.3.0
  - 12.2.1.4.0
- Oracle ZFS Storage Appliance Kit
  - 8.8
- PeopleSoft Enterprise CC Common Application Objects
  - 9.2
- PeopleSoft Enterprise CS Academic Advisement
  - 9.2
- PeopleSoft Enterprise CS Campus Community
  - 9.0
  - 9.2
- PeopleSoft Enterprise CS SA Integration Pack
  - 9.0
  - 9.2
- PeopleSoft Enterprise CS Student Records
  - 9.2
- PeopleSoft Enterprise PeopleTools
  - 8.57
  - 8.58
  - 8.59
- PeopleSoft Enterprise SCM
  - 9.2
- Primavera Gateway
  - 17.12.0-17.12.11
  - 18.8.0-18.8.12
  - 19.12.0-19.12.11
  - 20.12.0-20.12.7
- Primavera Unifier
  - 17.7-17.12
  - 18.8
  - 19.12
  - 20.12
- Siebel Applications
  - 21.9 and prior
- Tekelec Platform Distribution
  - 7.4.0-7.7.1
- Tekelec Virtual Operating Environment
  - 3.4.0-3.7.1
Threats:
An attacker could exploit these vulnerabilities by executing arbitrary code.
Best practice and Recommendations:
The CERT team encourages users to review the Oracle security advisory and apply the necessary updates: