
Oracle Update

Classification
These posts contain security alerts, including digital loopholes, electronic attacks, and technical updates, and they are classified based on their level of severity:

  • Critical
  • High
  • Medium
  • Low

Warning Date: 21 October, 2020

Severity Level: Critical

Warning Number: 2020-1960

Target Sector: All

Description:

Oracle has released a security update to address several vulnerabilities in the following products:

  • Application Performance Management (APM), versions 13.3.0.0, 13.4.0.0
  • Big Data Spatial and Graph, versions prior to 3.0
  • Enterprise Manager Base Platform, versions 13.2.1.0, 13.3.0.0, 13.4.0.0
  • Enterprise Manager for Peoplesoft, version 13.4.1.1
  • Enterprise Manager for Storage Management, versions 13.3.0.0, 13.4.0.0
  • Enterprise Manager Ops Center, version 12.4.0.0
  • Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers, versions prior to XCP2362, prior to XCP3090
  • Fujitsu M12-1, M12-2, M12-2S Servers, versions prior to XCP3090
  • Hyperion Analytic Provider Services, version 11.1.2.4
  • Hyperion BI+, version 11.1.2.4
  • Hyperion Essbase, version 11.1.2.4
  • Hyperion Infrastructure Technology, version 11.1.2.4
  • Hyperion Lifecycle Management, version 11.1.2.4
  • Hyperion Planning, version 11.1.2.4
  • Identity Manager Connector, version 9.0
  • Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3
  • Management Pack for Oracle GoldenGate, version 12.2.1.2.0
  • MySQL Cluster, versions 7.3.30 and prior, 7.4.29 and prior, 7.5.19 and prior, 7.6.15 and prior, 8.0.21 and prior
  • MySQL Enterprise Monitor, versions 8.0.21 and prior
  • MySQL Server, versions 5.6.49 and prior, 5.7.31 and prior, 8.0.21 and prior
  • MySQL Workbench, versions 8.0.21 and prior
  • Oracle Access Manager, version 11.1.2.3.0
  • Oracle Agile PLM, versions 9.3.3, 9.3.5, 9.3.6
  • Oracle Agile Product Lifecycle Management for Process, version 6.2.0.0
  • Oracle Application Express, versions prior to 20.2
  • Oracle Application Testing Suite, version 13.3.0.1
  • Oracle Banking Corporate Lending, versions 12.3.0, 14.0.0-14.4.0
  • Oracle Banking Digital Experience, versions 18.1, 18.2, 18.3, 19.1, 19.2, 20.1
  • Oracle Banking Payments, versions 14.1.0-14.4.0
  • Oracle Banking Platform, versions 2.4.0-2.10.0
  • Oracle BI Publisher, versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
  • Oracle Business Intelligence Enterprise Edition, versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
  • Oracle Business Process Management Suite, versions 12.2.1.3.0, 12.2.1.4.0
  • Oracle Communications Application Session Controller, versions 3.8m0, 3.9m0p1
  • Oracle Communications Billing and Revenue Management, versions 7.5.0.23.0, 12.0.0.2.0, 12.0.0.3.0
  • Oracle Communications BRM - Elastic Charging Engine, versions 11.3.0.9.0, 12.0.0.3.0
  • Oracle Communications Diameter Signaling Router (DSR), versions 8.0.0.0-8.4.0.5, [IDIH] 8.0.0-8.2.2
  • Oracle Communications EAGLE Software, versions 46.6.0-46.8.2
  • Oracle Communications Element Manager, versions 8.2.0-8.2.2
  • Oracle Communications Evolved Communications Application Server, version 7.1
  • Oracle Communications Messaging Server, version 8.1
  • Oracle Communications Offline Mediation Controller, version 12.0.0.3.0
  • Oracle Communications Services Gatekeeper, version 7
  • Oracle Communications Session Border Controller, versions 8.2-8.4
  • Oracle Communications Session Report Manager, versions 8.2.0-8.2.2
  • Oracle Communications Session Route Manager, versions 8.2.0-8.2.2
  • Oracle Communications Unified Inventory Management, versions 7.3.0, 7.4.0
  • Oracle Communications WebRTC Session Controller, version 7.2
  • Oracle Data Integrator, versions 11.1.1.9.0, 12.2.1.3.0
  • Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c
  • Oracle E-Business Suite, versions 12.1.1-12.1.3, 12.2.3-12.2.10
  • Oracle Endeca Information Discovery Integrator, version 3.2.0
  • Oracle Endeca Information Discovery Studio, version 3.2.0
  • Oracle Enterprise Repository, version 11.1.1.7.0
  • Oracle Enterprise Session Border Controller, version 8.4
  • Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.6-8.1.0
  • Oracle Financial Services Analytical Applications Reconciliation Framework, versions 8.0.6-8.0.8, 8.1.0
  • Oracle Financial Services Asset Liability Management, versions 8.0.6, 8.0.7, 8.1.0
  • Oracle Financial Services Balance Sheet Planning, version 8.0.8
  • Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach, versions 8.0.6-8.0.8, 8.1.0
  • Oracle Financial Services Basel Regulatory Capital Basic, versions 8.0.6-8.0.8, 8.1.0
  • Oracle Financial Services Data Foundation, versions 8.0.6-8.1.0
  • Oracle Financial Services Data Governance for US Regulatory Reporting, versions 8.0.6-8.0.9
  • Oracle Financial Services Data Integration Hub, versions 8.0.6, 8.0.7, 8.1.0
  • Oracle Financial Services Funds Transfer Pricing, versions 8.0.6, 8.0.7, 8.1.0
  • Oracle Financial Services Hedge Management and IFRS Valuations, versions 8.0.6-8.0.8, 8.1.0
  • Oracle Financial Services Institutional Performance Analytics, versions 8.0.6, 8.0.7, 8.1.0, 8.7.0
  • Oracle Financial Services Liquidity Risk Management, version 8.0.6
  • Oracle Financial Services Liquidity Risk Measurement and Management, versions 8.0.7, 8.0.8, 8.1.0
  • Oracle Financial Services Loan Loss Forecasting and Provisioning, versions 8.0.6-8.0.8, 8.1.0
  • Oracle Financial Services Market Risk Measurement and Management, versions 8.0.6, 8.0.8, 8.1.0
  • Oracle Financial Services Price Creation and Discovery, versions 8.0.6, 8.0.7
  • Oracle Financial Services Profitability Management, versions 8.0.6, 8.0.7, 8.1.0
  • Oracle Financial Services Regulatory Reporting for European Banking Authority, versions 8.0.6-8.1.0
  • Oracle Financial Services Regulatory Reporting for US Federal Reserve, versions 8.0.6-8.0.9
  • Oracle Financial Services Regulatory Reporting with AgileREPORTER, version 8.0.9.2.0
  • Oracle Financial Services Retail Customer Analytics, version 8.0.6
  • Oracle FLEXCUBE Core Banking, versions 5.2.0, 11.5.0-11.7.0
  • Oracle FLEXCUBE Direct Banking, versions 12.0.1, 12.0.2, 12.0.3
  • Oracle FLEXCUBE Private Banking, versions 12.0.0, 12.1.0
  • Oracle GoldenGate Application Adapters, versions 12.3.2.1.0, 19.1.0.0.0
  • Oracle FLEXCUBE Universal Banking, versions 12.3.0, 14.0.0-14.4.0
  • Oracle GraalVM Enterprise Edition, versions 19.3.3, 20.2.0
  • Oracle Health Sciences Empirica Signal, version 9.0
  • Oracle Healthcare Data Repository, version 7.0.1
  • Oracle Healthcare Foundation, versions 7.1.1, 7.2.0, 7.2.1, 7.3.0
  • Oracle Hospitality Guest Access, versions 4.2.0, 4.2.1
  • Oracle Hospitality Materials Control, version 18.1
  • Oracle Hospitality OPERA 5 Property Services, versions 5.5, 5.6
  • Oracle Hospitality Reporting and Analytics, version 9.1.0
  • Oracle Hospitality RES 3700, version 5.7
  • Oracle Hospitality Simphony, versions 18.1, 18.2, 19.1.0-19.1.2
  • Oracle Hospitality Suite8, versions 8.10.2, 8.11-8.15
  • Oracle HTTP Server, versions 12.2.1.3.0, 12.2.1.4.0
  • Oracle Insurance Accounting Analyzer, version 8.0.9
  • Oracle Insurance Allocation Manager for Enterprise Profitability, versions 8.0.8, 8.1.0
  • Oracle Insurance Data Foundation, versions 8.0.6-8.1.0
  • Oracle Insurance Insbridge Rating and Underwriting, versions 5.0.0.0-5.6.0.0, 5.6.1.0
  • Oracle Insurance Policy Administration J2EE, versions 10.2.0.37, 10.2.4.12, 11.0.2.25, 11.1.0.15, 11.2.0.26, 11.2.2.0
  • Oracle Insurance Rules Palette, versions 10.2.0.37, 10.2.4.12, 11.0.2.25, 11.1.0.15, 11.2.0.26
  • Oracle Java SE, versions 7u271, 8u261, 11.0.8, 15
  • Oracle Java SE Embedded, version 8u261
  • Oracle JDeveloper, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
  • Oracle Managed File Transfer, versions 12.2.1.3.0, 12.2.1.4.0
  • Oracle Outside In Technology, versions 8.5.4, 8.5.5
  • Oracle Policy Automation, versions 12.2.0-12.2.20
  • Oracle Policy Automation Connector for Siebel, version 10.4.6
  • Oracle Policy Automation for Mobile Devices, versions 12.2.0-12.2.20
  • Oracle REST Data Services, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c, [Standalone ORDS] prior to 20.2.1
  • Oracle Retail Advanced Inventory Planning, version 14.1
  • Oracle Retail Assortment Planning, versions 15.0.3.0, 16.0.3.0
  • Oracle Retail Back Office, versions 14.0, 14.1
  • Oracle Retail Central Office, versions 14.0, 14.1
  • Oracle Retail Customer Management and Segmentation Foundation, versions 18.0, 19.0
  • Oracle Retail Integration Bus, versions 14.1, 15.0, 16.0
  • Oracle Retail Order Broker, versions 15.0, 16.0, 18.0, 19.0, 19.1, 19.2, 19.3
  • Oracle Retail Point-of-Service, versions 14.0, 14.1
  • Oracle Retail Predictive Application Server, versions 14.1.3.0, 15.0.3.0, 16.0.3.0
  • Oracle Retail Price Management, versions 14.0.4, 14.1.3.0, 15.0.3.0, 16.0.3.0
  • Oracle Retail Returns Management, versions 14.0, 14.1
  • Oracle Retail Service Backbone, versions 14.1, 15.0, 16.0
  • Oracle Retail Xstore Point of Service, versions 15.0.3, 16.0.5, 17.0.3, 18.0.2, 19.0.1
  • Oracle Solaris, versions 10, 11
  • Oracle TimesTen In-Memory Database, versions prior to 11.2.2.8.49, prior to 18.1.3.1.0, prior to 18.1.4.1.0
  • Oracle Transportation Management, version 6.3.7
  • Oracle Utilities Framework, versions 2.2.0.0.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0
  • Oracle VM VirtualBox, versions prior to 6.1.16
  • Oracle WebCenter Portal, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
  • Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
  • Oracle ZFS Storage Appliance Kit, version 8.8
  • PeopleSoft Enterprise HCM Global Payroll Core, version 9.2
  • PeopleSoft Enterprise PeopleTools, versions 8.56, 8.57, 8.58
  • PeopleSoft Enterprise SCM eSupplier Connection, version 9.2
  • Primavera Gateway, versions 16.2.0-16.2.11, 17.12.0-17.12.8
  • Primavera Unifier, versions 16.1, 16.2, 17.7-17.12, 18.8, 19.12
  • Siebel Applications, versions 20.7, 20.8

Threats:

An attacker could exploit these vulnerabilities to carry out the following:

  • Denial of service (DoS) attack
  • Arbitrary code execution
  • Remote code injection

Best practice and Recommendations:

The CERT team encourages users to review the Oracle security advisory and apply the necessary updates:

Last updated on 21 October, 2020
