Author: a3security  Date: 2021.10.26  Views: 562
Attachment: A3-AEGIS-20211020-02 [MIDDLE] Oracle Critical Patch Update 보안 업데이트 권고.pdf (Oracle Critical Patch Update security update advisory)

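□ Overview
 o Oracle's CPU announces patches for 419 security vulnerabilities in its products [1]
   CPU (Critical Patch Update): Oracle's critical security update
 o Users of affected versions may be vulnerable to malware infection and similar threats, so updating to the latest version as described under Remediation below is recommended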

□ Affected products and versions

| Affected product | Patch availability document |
|---|---|
| Enterprise Manager Base Platform, versions 13.4.0.0, 13.5.0.0 | Enterprise Manager |
| Enterprise Manager for Oracle Data, version 13.4.0.0 | Enterprise Manager |
| Enterprise Manager Ops Center, version 12.4.0.0 | Enterprise Manager |
| Ess Administration Services, versions prior to 11.1.2.4.46 | Data |
| Hyperion Financial Management, versions 11.1.2.4, 11.2.6.0 | Fusion Middleware |
| Hyperion Financial Reporting, versions 11.1.2.4, 11.2.6.0 | Fusion Middleware |
| Hyperion Infrastructure Technology, version 11.2.6.0 | Fusion Middleware |
| Hyperion Planning, versions 11.1.2.4, 11.2.6.0 | Fusion Middleware |
| Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3 | Oracle Construction and Engineering Suite |
| JD Edwards EnterpriseOne Orchestrator, versions prior to 9.2.6.0 | JD Edwards |
| JD Edwards EnterpriseOne Tools, versions prior to 9.2.6.0 | JD Edwards |
| JD Edwards World Security, version A9.4 | JD Edwards |
| MySQL Client, versions 8.0.26 and prior | MySQL |
| MySQL Cluster, versions 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior, 8.0.26 and prior | MySQL |
| MySQL Connectors, versions 8.0.26 and prior | MySQL |
| MySQL Enterprise Monitor, versions 8.0.25 and prior | MySQL |
| MySQL Server, versions 5.7.35 and prior, 8.0.26 and prior | MySQL |
| MySQL Workbench, versions 8.0.26 and prior | MySQL |
| Oracle Agile PLM, versions 9.3.3, 9.3.6 | Oracle Supply Chain Products |
| Oracle Application Express, versions prior to 21.1.0 | Data |
| Oracle Application Testing Suite, version 13.3.0.1 | Enterprise Manager |
| Oracle Autovue for Agile Product Lifecycle Management, version 21.0.2 | Oracle Supply Chain Products |
| Oracle Banking Cash Management, versions 14.2, 14.3, 14.5 | Contact Support |
| Oracle Banking Corporate Lending Process Management, versions 14.2, 14.3, 14.5 | Contact Support |
| Oracle Banking Credit Facilities Process Management, versions 14.2, 14.3, 14.5 | Contact Support |
| Oracle Banking Enterprise Default Management, versions 2.10.0, 2.12.0 | Oracle Banking Platform |
| Oracle Banking Extensibility Workbench, versions 14.2, 14.3, 14.5 | Contact Support |
| Oracle Banking Platform, versions 2.6.2, 2.7.1, 2.9.0, 2.12.0 | Oracle Banking Platform |
| Oracle Banking Supply Chain Finance, versions 14.2, 14.3, 14.5 | Contact Support |
| Oracle Banking Trade Finance Process Management, versions 14.2, 14.3, 14.5 | Contact Support |
| Oracle Banking Virtual Account Management, versions 14.2, 14.3, 14.5 | Contact Support |
| Oracle Business Activity Monitoring, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
| Oracle Business Intelligence Enterprise Edition, versions 5.5.0.0.0, 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
| Oracle Commerce Guided Search, version 11.3.2 | Oracle Commerce |
| Oracle Commerce Merchandising, version 11.3.2 | Oracle Commerce |
| Oracle Communications Application Session Controller, version 3.9 | Oracle Communications Application Session Controller |
| Oracle Communications Billing and Revenue Management, versions 7.5.0.0.0, 12.0.0.3.0 | Oracle Communications Billing and Revenue Management |
| Oracle Communications BRM - Elastic Charging Engine, version 12.0.0.3 | Oracle Communications BRM - Elastic Charging Engine |
| Oracle Communications Calendar Server, version 8.0.0.6.0 | Oracle Communications Calendar Server |
| Oracle Communications Cloud Native Core Network Repository Function, version 1.14.0 | Oracle Communications Cloud Native Core Network Repository Function |
| Oracle Communications Cloud Native Core Policy, version 1.11.0 | Communications Cloud Native Core Policy |
| Oracle Communications Control Plane Monitor, versions 3.4, 4.2, 4.3, 4.4 | Oracle Communications Control Plane Monitor |
| Oracle Communications Converged Application Server - Service Controller, version 6.2 | Oracle Communications Converged Application Server - Service Controller |
| Oracle Communications Design Studio, version 7.4.2 | Oracle Communications Design Studio |
| Oracle Communications Diameter Signaling Router, versions 8.0.0.0-8.5.0.0 | Oracle Communications Diameter Signaling Router |
| Oracle Communications EAGLE | Oracle Communications EAGLE |
| Oracle Communications EAGLE FTP Table Base Retri, version 4.5 | Oracle Communications EAGLE FTP Table Base Retri |
| Oracle Communications EAGLE LNP Application Processor, versions 46.7, 46.8, 46.9 | Oracle Communications EAGLE LNP Application Processor |
| Oracle Communications Element Manager, versions 8.2.0.0-8.2.4.0 | Oracle Communications Element Manager |
| Oracle Communications Fraud Monitor, versions 3.4-4.4 | Oracle Communications Fraud Monitor |
| Oracle Communications Interactive Session Recorder, version 6.4 | Oracle Communications Interactive Session Recorder |
| Oracle Communications LSMS, versions 13.1-13.4 | Oracle Communications LSMS |
| Oracle Communications Messaging Server, version 8.1 | Oracle Communications Messaging Server |
| Oracle Communications MetaSolv Solution, version 6.3.1 | Oracle Communications MetaSolv Solution |
| Oracle Communications Offline Mediation Controller, version 12.0.0.3.0 | Oracle Communications Offline Mediation Controller |
| Oracle Communications Operations Monitor, versions 3.4, 4.2, 4.3, 4.4 | Oracle Communications Operations Monitor |
| Oracle Communications Policy Management, version 12.5.0 | Oracle Communications Policy Management |
| Oracle Communications Pricing Design Center, version 12.0.0.3.0 | Oracle Communications Pricing Design Center |
| Oracle Communications Services Gatekeeper, version 7.0 | Oracle Communications Services Gatekeeper |
| Oracle Communications Session Border Controller, versions 8.4, 9.0 | Oracle Communications Session Border Controller |
| Oracle Communications Session Report Manager, versions 8.0.0.0-8.2.5.0 | Oracle Communications Session Report Manager |
| Oracle Communications Session Route Manager, versions 8.0.0.0-8.2.5.0 | Oracle Communications Session Route Manager |
| Oracle Data Integrator, version 12.2.1.4.0 | Fusion Middleware |
| Oracle Data Server, versions 12.1.0.2, 12.2.0.1, 19c, 21c | Data |
| Oracle Documaker, versions 12.6.0-12.6.4 | Oracle Insurance Applications |
| Oracle E-Business Suite, versions 12.1.1-12.1.3, 12.2.3-12.2.10 | Oracle E-Business Suite |
| Oracle Enterprise Communications Broker, versions 3.2, 3.3 | Oracle Enterprise Communications Broker |
| Oracle Enterprise Repository, version 11.1.1.7.0 | Fusion Middleware |
| Oracle Enterprise Telephony Fraud Monitor, versions 3.4, 4.2, 4.3, 4.4 | Oracle Enterprise Telephony Fraud Monitor |
| Oracle Ethernet Switch ES2-64, Oracle Ethernet Switch ES2-72, version 2.0.0.14 | Systems |
| Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.6-8.1.1 | Oracle Financial Services Analytical Applications Infrastructure |
| Oracle Financial Services Enterprise Case Management, versions 8.0.7.2.0, 8.0.8.1.0 | Contact Support |
| Oracle Financial Services Model Management and Governance, versions 8.0.8.0.0-8.1.0.0.0 | Oracle Financial Services Model Management and Governance |
| Oracle FLEXCUBE Core Banking, versions 11.7, 11.8, 11.9, 11.10 | Contact Support |
| Oracle Global Lifecycle Management OPatch | Global Lifecycle Management |
| Oracle GoldenGate, versions prior to 19.1.0.0.0.210420 | Data |
| Oracle GoldenGate Application Adapters, version 19.1.0.0.0 | Fusion Middleware |
| Oracle GraalVM Enterprise Edition, versions 20.3.3, 21.2.0 | Java SE |
| Oracle Graph Server and Client, versions prior to 21.3.0 | Data |
| Oracle Health Sciences Central Coding, versions 6.2.0, 6.3.0 | Health Sciences |
| Oracle Health Sciences InForm, version 6.3.0 | Health Sciences |
| Oracle Healthcare Data Repository, versions 7.0.2, 8.1.0 | Health Sciences |
| Oracle Healthcare Foundation, versions 7.3, 8.0, 8.1 | Health Sciences |
| Oracle Hospitality Cruise Shipboard Property Management System, version 20.1.0 | Oracle Hospitality Cruise Shipboard Property Management System |
| Oracle HTTP Server, versions 11.1.1.9.0, 12.2.1.4.0 | Fusion Middleware |
| Oracle Insurance Calculation Engine, versions 11.0.0-11.3.1 | Oracle Insurance Applications |
| Oracle Insurance Policy Administration, versions 11.0.0-11.3.1 | Oracle Insurance Applications |
| Oracle Java SE, versions 7u311, 8u301, 11.0.12, 17 | Java SE |
| Oracle NoSQL Data | NoSQL Data |
| Oracle Outside In Technology, version 8.5.5 | Fusion Middleware |
| Oracle Real User Experience Insight, versions 13.4.1.0, 13.5.1.0 | Enterprise Manager |
| Oracle Real-Time Decision Server, versions 3.2.0.0, 11.1.1.9.0 | Fusion Middleware |
| Oracle REST Data Services, versions prior to 21.3 | Data |
| Oracle Retail Advanced Inventory Planning, versions 14.1, 15.0, 16.0 | Retail Applications |
| Oracle Retail Assortment Planning, version 16.0 | Retail Applications |
| Oracle Retail Back Office, versions 14.0, 14.1 | Retail Applications |
| Oracle Retail Bulk Data Integration, versions 16.0.3, 19.0.1 | Retail Applications |
| Oracle Retail Central Office, versions 14.0, 14.1 | Retail Applications |
| Oracle Retail Customer Management and Segmentation Foundation, versions 16.0-19.0 | Retail Applications |
| Oracle Retail Extract Transform and Load, version 13.2.8 | Retail Applications |
| Oracle Retail Financial Integration, versions 14.1.3.2, 15.0.4.0, 16.0.3.0 | Retail Applications |
| Oracle Retail Integration Bus, versions 14.1.3.2, 15.0.4.0, 16.0.3.0, 19.0.1.0 | Retail Applications |
| Oracle Retail Merchandising System, versions 15.0.3, 19.0.1 | Retail Applications |
| Oracle Retail Point-of-Service, versions 14.0, 14.1 | Retail Applications |
| Oracle Retail Predictive Application Server, versions 14.1.3, 15.0.3, 16.0.3 | Retail Applications |
| Oracle Retail Returns Management, versions 14.0, 14.1 | Retail Applications |
| Oracle Retail Service Backbone, versions 14.1.3.2, 15.0.4.0, 16.0.3.0, 19.0.1.0 | Retail Applications |
| Oracle Retail Store Inventory Management, versions 14.1, 15.0, 16.0 | Retail Applications |
| Oracle Secure Backup, versions prior to 18.1.0.1.0 | Oracle Secure Backup |
| Oracle Secure Global Desktop, version 5.6 | Virtualization |
| Oracle Solaris, version 11 | Systems |
| Oracle Spatial Studio | Data |
| Oracle SQL Developer | Data |
| Oracle Transportation Management, version 6.4.3 | Oracle Supply Chain Products |
| Oracle Utilities Framework, versions 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0 | Oracle Utilities Applications |
| Oracle VM VirtualBox, versions prior to 6.1.28 | Virtualization |
| Oracle WebCenter Portal, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
| Oracle WebCenter Sites, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
| Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | Fusion Middleware |
| Oracle WebLogic Server Proxy Plug-In, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
| Oracle ZFS Storage Appliance Kit, version 8.8 | Systems |
| PeopleSoft Enterprise CC Common Application Objects, version 9.2 | PeopleSoft |
| PeopleSoft Enterprise CS Academic Advisement, version 9.2 | PeopleSoft |
| PeopleSoft Enterprise CS Campus Community, versions 9.0, 9.2 | PeopleSoft |
| PeopleSoft Enterprise CS SA Integration Pack, versions 9.0, 9.2 | PeopleSoft |
| PeopleSoft Enterprise CS Student Records, version 9.2 | PeopleSoft |
| PeopleSoft Enterprise PeopleTools, versions 8.57, 8.58, 8.59 | PeopleSoft |
| PeopleSoft Enterprise SCM, version 9.2 | PeopleSoft |
| Primavera Gateway, versions 17.12.0-17.12.11, 18.8.0-18.8.12, 19.12.0-19.12.11, 20.12.0-20.12.7 | Oracle Construction and Engineering Suite |
| Primavera Unifier, versions 17.7-17.12, 18.8, 19.12, 20.12 | Oracle Construction and Engineering Suite |
| Siebel Applications, versions 21.9 and prior | Siebel |
| Tekelec Platform Distribution, versions 7.4.0-7.7.1 | Tekelec Platform Distribution |
| Tekelec Virtual Operating Environment, versions 3.4.0-3.7.1 | Tekelec Virtual Operating Environment |

 
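□ Remediation
 o Review the " 2021" document and the patch details, then apply the patches after consultation and review with the vendor and the maintenance provider [1]
 o Java SE users are advised to download [2] and install the latest update for the installed product, or to enable automatic Java update notifications [3]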
 
□ Other inquiries
 o Korea Internet & Security Agency (KISA) Cyber Complaint Center: dial 118 (no area code)

[References]
[1] https://www.oracle.com/security-s/cpuoct2021.html
[2] http://www.oracle.com/technetwork/java/javase/downloads/index.html
[3] https://www.java.com/ko/download/help/java_update.


□ Prepared by: Incident Analysis Group, Vulnerability Analysis Team
