Your review has been sent successfully

Oracle Update

3028
Classification
These posts contain security alerts, including digital loopholes, electronic attacks, technical updates, and they are classified base on the level of severity.

Critical

High

Medium

Low

Most Viewed Warnings

Dell EMC Alert

● Critical

F5 Alert

● High

IBM Alert

● Critical

Fortinet Alert

● High

Red Hat Alert

● High

حملات تصيدية تستهدف مايكروسوفت تيمز (Microsoft Teams)

● High

Warning Date

Severity Level

Warning Number

Target Sector

21 April, 2021

● Critical

2021-2804

All

Description:

Oracle has released a security update to address several vulnerabilities in the following products:

  • Agile Product Lifecycle Management Integration Pack for Oracle E-Business Suite, versions 3.5, 3.6
  • Agile Product Lifecycle Management Integration Pack for SAP: Design to Release, versions 3.5, 3.6
  • Enterprise Manager Base Platform, version 13.4.0.0
  • Enterprise Manager for Fusion Middleware, versions 12.2.1.4, 13.4.0.0
  • Enterprise Manager for Virtualization, version 13.4.0.0
  • Enterprise Manager Ops Center, version 12.4.0.0
  • FMW Platform, versions 12.2.1.3.0, 12.2.1.4.0
  • Hyperion Analytic Provider Services, versions 11.1.2.4, 12.2.1.4
  • Hyperion Financial Management, version 11.1.2.4
  • Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3
  • JD Edwards EnterpriseOne Orchestrator, versions prior to 9.2.5.3
  • JD Edwards EnterpriseOne Tools, versions prior to 9.2.4.0, prior to 9.2.5.3
  • JD Edwards World Security, version A9.4
  • MySQL Cluster, versions 8.0.23 and prior
  • MySQL Enterprise Monitor, versions 8.0.23 and prior
  • MySQL Server, versions 5.7.33 and prior, 8.0.23 and prior
  • MySQL Workbench, versions 8.0.23 and prior
  • Oracle Advanced Supply Chain Planning, versions 12.1, 12.2
  • Oracle Agile PLM, versions 9.3.3, 9.3.5, 9.3.6
  • Oracle API Gateway, version 11.1.2.4.0
  • Oracle Application Express, versions prior to 20.2
  • Oracle Application Testing Suite, version 13.3.0.1
  • Oracle BAM (Business Activity Monitoring), versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
  • Oracle Banking Platform, versions 2.4.0, 2.6.2, 2.7.0, 2.7.1, 2.8.0, 2.9.0, 2.10.0
  • Oracle Business Intelligence Enterprise Edition, versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
  • Oracle Cloud Infrastructure Storage Gateway, versions prior to 1.4
  • Oracle Coherence, versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
  • Oracle Commerce Guided Search, versions 11.3.0, 11.3.1, 11.3.2
  • Oracle Commerce Merchandising, versions 0, 11.0.0, 11.1, 11.2.0, 11.3.0, 11.3.1, 11.3.2
  • Oracle Communications Application Session Controller, version 3.9m0p3
  • Oracle Communications Calendar Server, version 8.0
  • Oracle Communications Contacts Server, version 8.0
  • Oracle Communications Converged Application Server - Service Controller, version 6.2
  • Oracle Communications Design Studio, version 7.4.2
  • Oracle Communications Interactive Session Recorder, versions 6.3, 6.4
  • Oracle Communications Messaging Server, versions 8.0.2, 8.1, 8.1.0
  • Oracle Communications MetaSolv Solution, versions 6.3.0, 6.3.1
  • Oracle Communications Performance Intelligence Center Software, versions 10.4.0.2, 10.4.0.3
  • Oracle Communications Services Gatekeeper, versions 6.0, 6.1, 7.0
  • Oracle Communications Session Border Controller, versions Cz8.2, Cz8.3, Cz8.4
  • Oracle Communications Session Router, versions Cz8.2, Cz8.3, Cz8.4
  • Oracle Communications Subscriber-Aware Load Balancer, versions Cz8.2, Cz8.3, Cz8.4
  • Oracle Communications Unified Inventory Management, versions 7.3.4, 7.3.5, 7.4.0, 7.4.1
  • Oracle Communications Unified Session Manager, version SCz8.2.5
  • Oracle Database Server, versions 12.1.0.2, 12.2.0.1, 18c, 19c
  • Oracle E-Business Suite, versions 12.1.1-12.1.3, 12.2.3-12.2.10
  • Oracle Endeca Information Discovery Studio, version 3.2.0.0
  • Oracle Enterprise Communications Broker, versions PCZ3.1, PCZ3.2, PCZ3.3
  • Oracle Enterprise Repository, version 11.1.1.7.0
  • Oracle Enterprise Session Border Controller, versions Cz8.2, Cz8.3, Cz8.4
  • Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.6-8.1.0
  • Oracle FLEXCUBE Direct Banking, versions 12.0.2, 12.0.3
  • Oracle FLEXCUBE Private Banking, versions 12.0.0, 12.1.0
  • Oracle Fusion Middleware, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
  • Oracle Fusion Middleware MapViewer, version 12.2.1.4.0
  • Oracle Global Lifecycle Management OPatch, versions prior to 12.2.0.1.22
  • Oracle GraalVM Enterprise Edition, versions 19.3.5, 20.3.1.2, 21.0.0.2
  • Oracle Graph Server and Client
  • Oracle Health Sciences Empirica Signal, versions 9.0, 9.1
  • Oracle Health Sciences Information Manager, versions 3.0.0-3.0.2
  • Oracle Healthcare Foundation, versions 7.1.5, 7.2.2, 7.3.0, 7.3.1, 8.0.1
  • Oracle Hospitality Cruise Shipboard Property Management System, version 20.1.0
  • Oracle Hospitality Inventory Management, version 9.1.0
  • Oracle Hospitality OPERA 5, versions 5.5, 5.6
  • Oracle Hospitality RES 3700, versions 5.7.0-5.7.6
  • Oracle HTTP Server, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
  • Oracle Identity Manager Connector, version 11.1.1.5.0
  • Oracle iLearning, versions 6.2, 6.3
  • Oracle Insurance Data Gateway, version 1.0.2.3
  • Oracle Java SE, versions 7u291, 8u281, 11.0.10, 16
  • Oracle Java SE Embedded, version 8u281
  • Oracle NoSQL Database, versions prior to 20.3
  • Oracle Outside In Technology, version 8.5.5
  • Oracle Platform Security for Java, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
  • Oracle Rapid Planning, version 12.1.3
  • Oracle REST Data Services, versions prior to 20.4.3.50.1904
  • Oracle Retail Advanced Inventory Planning, version 14.1
  • Oracle Retail Assortment Planning, version 16.0.3
  • Oracle Retail Back Office, version 14.1
  • Oracle Retail Category Management Planning & Optimization, version 16.0.3
  • Oracle Retail Central Office, version 14.1
  • Oracle Retail EFTLink, versions 15.0.2, 16.0.3, 17.0.2, 18.0.1, 19.0.1, 20.0.0
  • Oracle Retail Insights Cloud Service Suite, version 19.0
  • Oracle Retail Item Planning, version 16.0.3
  • Oracle Retail Macro Space Optimization, version 16.0.3
  • Oracle Retail Merchandise Financial Planning, version 16.0.3
  • Oracle Retail Merchandising System, version 16.0.3
  • Oracle Retail Point-of-Service, version 14.1
  • Oracle Retail Predictive Application Server, versions 14.1, 15.0, 16.0
  • Oracle Retail Regular Price Optimization, version 16.0.3
  • Oracle Retail Replenishment Optimization, version 16.0.3
  • Oracle Retail Returns Management, version 14.1
  • Oracle Retail Sales Audit, version 14.0
  • Oracle Retail Size Profile Optimization, version 16.0.3
  • Oracle Retail Store Inventory Management, versions 14.1.3.10, 15.0.3.5, 16.0.3.5
  • Oracle Retail Xstore Point of Service, versions 15.0.4, 16.0.6, 17.0.4, 18.0.3, 19.0.2
  • Oracle SD-WAN Aware, version 8.2
  • Oracle SD-WAN Edge, versions 8.2, 9.0
  • Oracle Secure Backup
  • Oracle Secure Global Desktop, version 5.6
  • Oracle Security Service, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
  • Oracle Service Bus, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
  • Oracle Solaris, versions 10, 11
  • Oracle Spatial Studio, versions prior to 19.1.0, prior to 20.1.1
  • Oracle SQL Developer, versions prior to 20.4.1.407.6
  • Oracle Storage Cloud Software Appliance, versions prior to 16.3.1.4.2
  • Oracle TimesTen In-Memory Database
  • Oracle Utilities Framework, versions 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0
  • Oracle VM VirtualBox, versions prior to 6.1.20
  • Oracle WebCenter Portal, versions 12.2.1.3.0, 12.2.1.4.0
  • Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
  • Oracle WebLogic Server Proxy Plug-In, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
  • Oracle ZFS Storage Appliance Kit, version 8.8
  • OSS Support Tools, versions prior to 2.12.41
  • PeopleSoft Enterprise CS Campus Community, version 9.2
  • PeopleSoft Enterprise FIN Common Application Objects, version 9.2
  • PeopleSoft Enterprise FIN Expenses, version 9.2
  • PeopleSoft Enterprise PeopleTools, versions 8.56, 8.57, 8.58
  • PeopleSoft Enterprise PT PeopleTools, versions 8.56, 8.57, 8.58
  • PeopleSoft Enterprise SCM eProcurement, version 9.2
  • PeopleSoft Enterprise SCM Purchasing, version 9.2
  • Primavera Gateway, versions 17.12.0-17.12.10
  • Primavera Unifier, versions 16.1, 16.2, 17.7-17.12, 18.8, 19.12, 20.12
  • Siebel Applications, versions 21.2 and prior

Threats:

Attacker could exploit these vulnerabilities by doing the following:

  • Denial of service attack (DoS)
  • Unauthorized disclosure of information
  • Unauthorized modification

Best practice and Recommendations:

The CERT team encourages users to review Oracle security advisory and apply the necessary updates:

Last updated at 21 April, 2021

Rate the content

rate-icon
up icon