Oracle Critical Security Update Advisory
Author: a3security  Date: 2022.05.02
Attachment: A3-AEGIS-20220420-01 [MIDDLE] Oracle Critical Patch Update 보안 업데이트 권고.pdf

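□ Overview
 o Oracle released patches for 520 security vulnerabilities in its products in its CPU [1]
   ※ CPU (Critical Patch Update): Oracle's critical security update
 o Users of affected versions may be vulnerable to malware infection and similar threats, so updating to the latest version according to the remediation below is recommended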

□ Affected products and versions

Affected product | Patch-related document
Engineered Systems Utilities, versions 12.1.0.2, 19c, 21c | Oracle Autonomous Health Framework
Enterprise Manager Base Platform, versions 13.4.0.0, 13.5.0.0 | Enterprise Manager
Enterprise Manager for Peoplesoft, versions 13.4.1.1, 13.5.1.1 | Enterprise Manager
Enterprise Manager for Storage Management, version 13.4.0.0 | Enterprise Manager
Enterprise Manager Ops Center, version 12.4.0.0 | Enterprise Manager
Helidon, versions 1.4.7, 1.4.10, 2.0.0-RC1 | Helidon
Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3 | Oracle Construction and Engineering Suite
JD Edwards EnterpriseOne Tools, versions prior to 9.2.6.3 | JD Edwards
JD Edwards World Security, version A9.4 | JD Edwards
Management Cloud Engine, versions 1.5.0 and prior | Oracle Management Cloud Engine
Middleware Common Libraries and Tools, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | Fusion Middleware
MySQL Cluster, versions 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior, 8.0.28 and prior | MySQL
MySQL Connectors, versions 8.0.28 and prior | MySQL
MySQL Enterprise Monitor, versions 8.0.29 and prior | MySQL
MySQL Server, versions 5.7.37 and prior, 8.0.28 and prior | MySQL
MySQL Workbench, versions 8.0.28 and prior | MySQL
Oracle Advanced Supply Chain Planning, versions 12.1, 12.2 | Oracle Supply Chain Products
Oracle Agile Engineering Data Management, version 6.2.1.0 | Oracle Supply Chain Products
Oracle Agile PLM, version 9.3.6 | Oracle Supply Chain Products
Oracle Agile PLM MCAD Connector, version 3.6 | Oracle Supply Chain Products
Oracle Application Express, versions prior to 22.1 | Data
Oracle Application Testing Suite, version 13.3.0.1 | Enterprise Manager
Oracle Autovue for Agile Product Lifecycle Management, version 21.0.2 | Oracle Supply Chain Products
Oracle Banking Deposits and Lines of Credit Servicing, version 2.12.0 | Contact Support
Oracle Banking Enterprise Default Management, versions 2.7.1, 2.10.0, 2.12.0 | Oracle Banking Platform
Oracle Banking Loans Servicing, version 2.12.0 | Contact Support
Oracle Banking Party Management, version 2.7.0 | Oracle Banking Platform
Oracle Banking Payments, version 14.5 | Contact Support
Oracle Banking Platform, versions 2.6.2, 2.7.1, 2.12.0 | Oracle Banking Platform
Oracle Banking Trade Finance, version 14.5 | Contact Support
Oracle Banking Treasury Management, version 14.5 | Contact Support
Oracle Blockchain Platform, versions prior to 21.1.2 | Oracle Blockchain Platform
Oracle Business Intelligence Enterprise Edition, versions 5.5.0.0.0, 5.9.0.0.0, 12.2.1.3.0, 12.2.1.4.0 | Oracle Analytics
Oracle Business Process Management Suite, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Coherence, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | Fusion Middleware
Oracle Commerce Guided Search, version 11.3.2 | Oracle Commerce
Oracle Communications ASAP, version 7.3 | Oracle Communications ASAP
Oracle Communications Billing and Revenue Management, versions 12.0.0.4, 12.0.0.5 | Oracle Communications Billing and Revenue Management
Oracle Communications Cloud Native Core Automated Test Suite, versions 1.8.0, 1.9.0, 22.1.0 | Oracle Communications Cloud Native Core Automated Test Suite
Oracle Communications Cloud Native Core Binding Support Function, version 1.11.0 | Oracle Communications Cloud Native Core Binding Support Function
Oracle Communications Cloud Native Core Console, versions 1.9.0, 22.1.0 | Oracle Communications Cloud Native Core Console
Oracle Communications Cloud Native Core Network Exposure Function, version 22.1.0 | Oracle Communications Cloud Native Core Network Exposure Function
Oracle Communications Cloud Native Core Network Function Cloud Native Environment, versions 1.10.0, 22.1.0 | Oracle Communications Cloud Native Core Network Function Cloud Native Environment
Oracle Communications Cloud Native Core Network Repository Function, versions 1.15.0, 1.15.1, 22.1.0 | Oracle Communications Cloud Native Core Network Repository Function
Oracle Communications Cloud Native Core Netw | Oracle Communications Cloud Native Core Netw
Oracle Communications Cloud Native Core Policy, versions 1.14.0, 1.15.0, 22.1.0 | Oracle Communications Cloud Native Core Policy
Oracle Communications Cloud Native Core Security Edge Protection Proxy, versions 1.7.0, 22.1.0 | Oracle Communications Cloud Native Core Security Edge Protection Proxy
Oracle Communications Cloud Native Core Service Communication Proxy, version 1.15.0 | Oracle Communications Cloud Native Core Service Communication Proxy
Oracle Communications Cloud Native Core Unified Data Repository, versions 1.15.0, 22.1.0 | Oracle Communications Cloud Native Core Unified Data Repository
Oracle Communications Contacts Server, version 8.0.0.6.0 | Oracle Communications Contacts Server
Oracle Communications Convergence, versions 3.0.2.2, 3.0.3.0 | Oracle Communications Convergence
Oracle Communications Convergent Charging Controller, versions 6.0.1.0.0, 12.0.1.0.0-12.0.4.0.0 | Oracle Communications Convergent Charging Controller
Oracle Communications Design Studio, versions 7.3.5, 7.4.0-7.4.2 | Oracle Communications Design Studio
Oracle Communications Diameter Intelligence Hub, versions 8.0.0-8.2.3 | Oracle Communications Diameter Signaling Router
Oracle Communications Diameter Signaling Router, version 8.4.0.0 | Oracle Communications Diameter Signaling Router
Oracle Communications EAGLE Application Processor | Oracle Communications EAGLE Application Processor
Oracle Communications EAGLE Element Management System, version 46.6 | Oracle Communications EAGLE Element Management System
Oracle Communications EAGLE FTP Table Base Retri, version 4.5 | Oracle Communications EAGLE FTP Table Base Retri
Oracle Communications EAGLE LNP Application Processor, versions 10.1, 10.2 | Oracle Communications EAGLE LNP Application Processor
Oracle Communications EAGLE Software, versions 46.7.0, 46.8.0-46.8.2, 46.9.1-46.9.3 | Oracle Communications EAGLE (Software)
Oracle Communications Element Manager, versions prior to 9.0 | Oracle Communications Element Manager
Oracle Communications Evolved Communications Application Server, version 7.1 | Oracle Communications Evolved Communications Application Server
Oracle Communications Instant Messaging Server, version 10.0.1.5.0 | Oracle Communications Instant Messaging Server
Oracle Communications Interactive Session Recorder, version 6.4 | Oracle Communications Interactive Session Recorder
Oracle Communications IP Service Activator, version 7.4.0 | Oracle Communications IP Service Activator
Oracle Communications Messaging Server, version 8.1 | Oracle Communications Messaging Server
Oracle Communications MetaSolv Solution, version 6.3.1 | Oracle Communications MetaSolv Solution
Oracle Communications Network Charging and Control, versions 6.0.1.0.0, 12.0.1.0.0-12.0.4.0.0 | Oracle Communications Network Charging and Control
Oracle Communications Network Integrity, versions 7.3.2, 7.3.5, 7.3.6 | Oracle Communications Network Integrity
Oracle Communications Operations Monitor, versions 4.3, 4.4, 5.0 | Oracle Communications Operations Monitor
Oracle Communications Order and Service Management, versions 7.3, 7.4 | Oracle Communications Order and Service Management
Oracle Communications Performance Intelligence Center (PIC) Software, versions 10.3.0.0.0-10.3.0.2.1, 10.4.0.1.0-10.4.0.3.1 | Oracle Communications Performance Intelligence Center (PIC) Software
Oracle Communications Policy Management, versions 12.5.0.0.0, 12.6.0.0.0 | Oracle Communications Policy Management
Oracle Communications Pricing Design Center, versions 12.0.0.4, 12.0.0.5 | Oracle Communications Pricing Design Center
Oracle Communications Services Gatekeeper, version 7.0.0.0.0 | Oracle Communications Services Gatekeeper
Oracle Communications Session Border Controller, versions 8.4, 9.0 | Oracle Communications Session Border Controller
Oracle Communications Session Report Manager, versions prior to 9.0 | Oracle Communications Session Report Manager
Oracle Communications Session Route Manager, versions prior to 9.0 | Oracle Communications Session Route Manager
Oracle Communications Unified Inventory Management, versions 7.4.1, 7.4.2 | Oracle Communications Unified Inventory Management
Oracle Communications Unified Session Manager, versions 8.2.5, 8.4.5 | Oracle Communications Unified Session Manager
Oracle Communications User Data Repository, version 12.4 | Oracle Communications User Data Repository
Oracle Communications WebRTC Session Controller, version 7.2.1 | Oracle Communications WebRTC Session Controller
Oracle Data Integrator, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Data Server, versions 12.1.0.2, 19c, 21c | Data
Oracle Documaker, versions 12.6.0, 12.6.2-12.6.4, 12.7.0 | Oracle Insurance Applications
Oracle E-Business Suite, versions 12.2.4-12.2.11, [EBS Cloud Manager and Backup Module] prior to 22.1.1.1, [Enterprise Command Center] 7.0, [Enterprise Information Discovery] 7-9 | Oracle E-Business Suite
Oracle Enterprise Communications Broker, versions 3.2, 3.3 | Oracle Enterprise Communications Broker
Oracle Enterprise Session Border Controller, versions 8.4, 9.0 | Oracle Enterprise Session Border Controller
Oracle Ethernet Switch ES1-24, version 1.3.1 | Systems
Oracle Ethernet Switch TOR-72, version 1.2.2 | Systems
Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.6.0-8.0.9.0, 8.1.0.0-8.1.2.0 | Oracle Financial Services Analytical Applications Infrastructure
Oracle Financial Services Behavior Detection Platform, versions 8.0.6.0-8.0.8.0, 8.1.1.0, 8.1.1.1, 8.1.2.0 | Oracle Financial Services Behavior Detection Platform
Oracle Financial Services Enterprise Case Management, versions 8.0.7.1, 8.0.7.2, 8.0.8.0, 8.0.8.1, 8.1.1.0, 8.1.1.1, 8.1.2.0 | Oracle Financial Services Enterprise Case Management
Oracle Financial Services Revenue Management and Billing, versions 2.7.0.0, 2.7.0.1, 2.8.0.0 | Oracle Financial Services Revenue Management and Billing
Oracle FLEXCUBE Universal Banking, versions 11.83.3, 12.1-12.4, 14.0-14.3, 14.5 | Contact Support
Oracle Global Lifecycle Management OPatch | Global Lifecycle Management
Oracle GoldenGate, versions prior to 12.3.0.1.2, prior to 23.1 | Data
Oracle GoldenGate Application Adapters, versions prior to 23.1 | Data
Oracle GoldenGate Big Data and Application Adapters, versions prior to 23.1 | Data
Oracle GraalVM Enterprise Edition, versions 20.3.5, 21.3.1, 22.0.0.2 | Java SE
Oracle Health Sciences Empirica Signal, versions 9.1.0.6, 9.2.0.0 | Health Sciences
Oracle Health Sciences InForm, versions 6.2.1.1, 6.3.2.1, 7.0.0.0 | Health Sciences
Oracle Health Sciences InForm Publisher, versions 6.2.1.1, 6.3.1.1 | Health Sciences
Oracle Health Sciences Information Manager, versions 3.0.1-3.0.4 | HealthCare Applications
Oracle Healthcare Data Repository, versions 8.1.0, 8.1.1 | HealthCare Applications
Oracle Healthcare Foundation, versions 7.3.0.1-7.3.0.4 | HealthCare Applications
Oracle Healthcare Master Person Index, version 5.0.1 | HealthCare Applications
Oracle Healthcare Translational Research, versions 4.1.0, 4.1.1 | HealthCare Applications
Oracle Hospitality Suite8, versions 8.10.2, 8.11.0-8.14.0 | Oracle Hospitality Suite8
Oracle Hospitality Token Proxy Service, version 19.2 | Oracle Hospitality Token Proxy Service
Oracle HTTP Server, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Hyperion BI+, versions prior to 11.2.8.0 | Oracle Enterprise Performance Management
Oracle Hyperion Calculation Manager, versions prior to 11.2.8.0 | Oracle Enterprise Performance Management
Oracle Hyperion Data Relationship Management, versions prior to 11.2.8.0, prior to 11.2.9.0 | Oracle Enterprise Performance Management
Oracle Hyperion Financial Management, versions prior to 11.2.8.0 | Oracle Enterprise Performance Management
Oracle Hyperion Infrastructure Technology, versions prior to 11.2.8.0 | Oracle Enterprise Performance Management
Oracle Hyperion Planning, versions prior to 11.2.8.0 | Oracle Enterprise Performance Management
Oracle Hyperion Profitability and Cost Management, versions prior to 11.2.8.0 | Oracle Enterprise Performance Management
Oracle Hyperion Tax Provision, versions prior to 11.2.8.0 | Oracle Enterprise Performance Management
Oracle Identity Management Suite, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Identity Manager Connector, versions 9.1.0, 11.1.1.5.0 | Fusion Middleware
Oracle iLearning, versions 6.2, 6.3 | iLearning
Oracle Insurance Data Gateway, version 1.0.1 | Oracle Insurance Applications
Oracle Insurance Insbridge Rating and Underwriting, versions 5.2.0, 5.4.0-5.6.0, 5.6.1 | Oracle Insurance Applications
Oracle Insurance Policy Administration, versions 11.0.2, 11.1.0, 11.2.8, 11.3.0, 11.3.1 | Oracle Insurance Applications
Oracle Insurance Rules Palette, versions 11.0.2, 11.1.0, 11.2.8, 11.3.0, 11.3.1 | Oracle Insurance Applications
Oracle Internet Directory, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Java SE, versions 7u331, 8u321, 11.0.14, 17.0.2, 18 | Java SE
Oracle JDeveloper, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Managed File Transfer, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Middleware Common Libraries and Tools, version 12.2.1.4.0 | Fusion Middleware
Oracle NoSQL Data | NoSQL Data
Oracle Outside In Technology, version 8.5.5 | Fusion Middleware
Oracle Payment Interface, versions 19.1, 20.3 | Oracle Payment Interface
Oracle Product Lifecycle Analytics, version 3.6.1.0 | Oracle Supply Chain Products
Oracle REST Data Services, versions prior to 21.2 | Data
Oracle Retail Bulk Data Integration, version 16.0.3 | Retail Applications
Oracle Retail Customer Insights, versions 15.0.2, 16.0.2 | Retail Applications
Oracle Retail Customer Management and Segmentation Foundation, versions 17.0-19.0 | Retail Applications
Oracle Retail Data Extractor for Merchandising, versions 15.0.2, 16.0.2 | Retail Applications
Oracle Retail EFTLink, versions 17.0.2, 18.0.1, 19.0.1, 20.0.1, 21.0.0 | Retail Applications
Oracle Retail Extract Transform and Load, version 13.2.8 | Retail Applications
Oracle Retail Financial Integration, versions 14.1.3.2, 15.0.3.1, 16.0.1-16.0.3, 19.0.0, 19.0.1 | Retail Applications
Oracle Retail Integration Bus, versions 14.1.3.2, 15.0.3.1, 16.0.1-16.0.3, 19.0.0, 19.0.1 | Retail Applications
Oracle Retail Invoice Matching, version 16.0.3 | Retail Applications
Oracle Retail Merchandising System, versions 16.0.3, 19.0.1 | Retail Applications
Oracle Retail Service Backbone, versions 14.1.3.2, 15.0.3.1, 16.0.1-16.0.3, 19.0.0, 19.0.1 | Retail Applications
Oracle Retail Store Inventory Management, versions 14.0.4.13, 14.1.3.5, 14.1.3.14, 15.0.3.3, 15.0.3.8, 16.0.3.7 | Retail Applications
Oracle Retail Xstore Office Cloud Service, versions 16.0.6, 17.0.4, 18.0.3, 19.0.2, 20.0.1 | Retail Applications
Oracle Retail Xstore Point of Service, versions 16.0.6, 17.0.4, 18.0.3, 19.0.2, 20.0.1, 21.0.0 | Retail Applications
Oracle SD-WAN Edge, versions 9.0, 9.1 | Oracle SD-WAN Edge
Oracle Secure Backup | Oracle Secure Backup
Oracle Secure Global Desktop, version 5.6 | Virtualization
Oracle Solaris, version 11 | Systems
Oracle Solaris Cluster, version 4 | Systems
Oracle SQL Developer, versions prior to 21.99 | Data
Oracle StorageTek ACSLS, version 8.5.1 | Systems
Oracle StorageTek Tape Analytics (STA), version 2.4 | Systems
Oracle Taleo Platform, versions prior to 22.1 | Oracle Taleo
Oracle Transportation Management, versions 6.4.3, 6.5.1 | Oracle Supply Chain Products
Oracle Tuxedo, version 12.2.2.0.0 | Fusion Middleware
Oracle Utilities Framework, versions 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0 | Oracle Utilities Applications
Oracle VM VirtualBox, versions prior to 6.1.34 | Virtualization
Oracle Web Services Manager, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle WebCenter Portal, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle WebCenter Sites, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle WebLogic Server, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | Fusion Middleware
Oracle ZFS Storage Appliance Kit, version 8.8 | Systems
OSS Support Tools, versions 2.12.42, 18.3 | Oracle Support Tools
PeopleSoft Enterprise CS Academic Advisement, version 9.2 | PeopleSoft
PeopleSoft Enterprise FIN Cash Management, version 9.2 | PeopleSoft
PeopleSoft Enterprise PeopleTools, versions 8.58, 8.59 | PeopleSoft
PeopleSoft Enterprise PRTL Interaction Hub, version 9.1 | PeopleSoft
Primavera Unifier, versions 17.7-17.12, 18.8, 19.12, 20.12, 21.12 | Oracle Construction and Engineering Suite

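□ Remediation
 o Review the " items and apply the patches after consultation/review with the vendor and the maintenance provider [1]
 o Java SE users are advised to download [2] and install the latest update for the installed product, or to enable automatic Java update notifications [3]

□ Other inquiries
 o Korea Internet & Security Agency (KISA) Cyber Complaint Center: dial 118 (no area code)

[References]
[1] https://www.oracle.com/security-s/cpuapr2022.html
[2] http://www.oracle.com/technetwork/java/javase/downloads/index.html
[3] https://www.java.com/ko/download/help/java_update.html

□ Prepared by: Incident Analysis Group, Vulnerability Analysis Team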
