Oracle Critical Patch Update Security Update Advisory
Author: a3security  Date: 2022.07.22
Attachment: A3-AEGIS-20220720-01 [MIDDLE] Oracle Critical Patch Update 보안 업데이트 권고.pdf

 

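□ Overview
 o In its CPU, Oracle released patches for 349 security vulnerabilities in its products [1]
   CPU (Critical Patch Update): Oracle's critical security update
 o Users of affected versions may be exposed to malware infection and similar threats, so updating to the latest version as described under Remediation below is recommended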

□ Affected Products and Versions

| Affected product | Patch-related document |
|---|---|
| Autonomous Health Framework | Oracle Autonomous Health Framework |
| Big Data Spatial and Graph, versions prior to 23.1 | Database |
| Enterprise Manager Base Platform, versions 13.4.0.0, 13.5.0.0 | Enterprise Manager |
| Enterprise Manager for MySQL Database | Enterprise Manager |
| Enterprise Manager Ops Center, version 12.4.0.0 | Enterprise Manager |
| JD Edwards EnterpriseOne Orchestrator, versions 9.2.6.3 and prior | JD Edwards |
| JD Edwards EnterpriseOne Tools, versions 9.2.6.3 and prior | JD Edwards |
| MySQL Cluster, versions 7.4.36 and prior, 7.5.26 and prior, 7.6.22 and prior, and 8.0.29 and prior | MySQL |
| MySQL Enterprise Monitor, versions 8.0.30 and prior | MySQL |
| MySQL Server, versions 5.7.38 and prior, 8.0.29 and prior | MySQL |
| MySQL Shell, versions 8.0.28 and prior | MySQL |
| MySQL Shell for VS Code, versions 1.1.8 and prior | MySQL |
| MySQL Workbench, versions 8.0.29 and prior | MySQL |
| Oracle Agile Engineering Data Management, version 6.2.1.0 | Oracle Supply Chain Products |
| Oracle Agile PLM, version 9.3.6 | Oracle Supply Chain Products |
| Oracle Agile Product Lifecycle Management for Process, versions 6.2.2, 6.2.3 | Oracle Supply Chain Products |
| Oracle Application Express, versions prior to 22.1.1 | Database |
| Oracle Application Testing Suite, version 13.3.0.1 | Enterprise Manager |
| Oracle Autovue for Agile Product Lifecycle Management, version 21.0.2 | Oracle Supply Chain Products |
| Oracle Banking Branch, version 14.5 | Contact Support |
| Oracle Banking Cash Management, version 14.5 | Contact Support |
| Oracle Banking Corporate Lending Process Management, version 14.5 | Contact Support |
| Oracle Banking Credit Facilities Process Management, version 14.5 | Contact Support |
| Oracle Banking Deposits and Lines of Credit Servicing, version 2.7 | Contact Support |
| Oracle Banking Electronic Data Exchange for Corporates, version 14.5 | Contact Support |
| Oracle Banking Liquidity Management, versions 14.2, 14.5 | Contact Support |
| Oracle Banking Origination, version 14.5 | Contact Support |
| Oracle Banking Party Management, version 2.7 | Oracle Banking Platform |
| Oracle Banking Platform, versions 2.6.2, 2.9, 2.12 | Oracle Banking Platform |
| Oracle Banking Supply Chain Finance, version 14.5 | Contact Support |
| Oracle Banking Trade Finance, version 14.5 | Contact Support |
| Oracle Banking Trade Finance Process Management, version 14.5 | Contact Support |
| Oracle Banking Virtual Account Management, version 14.5 | Contact Support |
| Oracle Berkeley DB | Berkeley DB |
| Oracle BI Publisher, versions 12.2.1.3.0, 12.2.1.4.0 | Oracle Analytics |
| Oracle Blockchain Platform | Oracle Blockchain Platform |
| Oracle Business Intelligence Enterprise Edition, version 5.9.0.0.0 | Oracle Analytics |
| Oracle Coherence, versions 3.7.1.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | Fusion Middleware |
| Oracle Commerce Guided Search, version 11.3.2 | Oracle Commerce |
| Oracle Commerce Merchandising, version 11.3.2 | Oracle Commerce |
| Oracle Commerce Platform, versions 11.3.0, 11.3.1, 11.3.2 | Oracle Commerce |
| Oracle Communications ASAP, version 7.3 | Oracle Communications ASAP |
| Oracle Communications Billing and Revenue Management, versions 12.0.0.4.0-12.0.0.6.0 | Oracle Communications Billing and Revenue Management |
| Oracle Communications BRM - Elastic Charging Engine, versions prior to 12.0.0.4.6, prior to 12.0.0.5.1 | Oracle Communications BRM - Elastic Charging Engine |
| Oracle Communications Cloud Native Core Binding Support Function, versions 22.1.3, 22.2.0 | Oracle Communications Cloud Native Core Binding Support Function |
| Oracle Communications Cloud Native Core Console, versions 22.1.2, 22.2.0 | Oracle Communications Cloud Native Core Console |
| Oracle Communications Cloud Native Core Network Exposure Function, version 22.1.1 | Oracle Communications Cloud Native Core Network Exposure Function |
| Oracle Communications Cloud Native Core Network Function Cloud Native Environment, versions 22.1.0, 22.1.2, 22.2.0 | Oracle Communications Cloud Native Core Network Function Cloud Native Environment |
| Oracle Communications Cloud Native Core Network Repository Function, versions 22.1.2, 22.2.0 | Oracle Communications Cloud Native Core Network Repository Function |
| Oracle Communications Cloud Native Core Netw | Oracle Communications Cloud Native Core Netw |
| Oracle Communications Cloud Native Core Policy, versions 22.1.3, 22.2.0 | Oracle Communications Cloud Native Core Policy |
| Oracle Communications Cloud Native Core Security Edge Protection Proxy, version 22.1.1 | Oracle Communications Cloud Native Core Security Edge Protection Proxy |
| Oracle Communications Cloud Native Core Service Communication Proxy, version 22.2.0 | Oracle Communications Cloud Native Core Service Communication Proxy |
| Oracle Communications Cloud Native Core Unified Data Repository, version 22.2.0 | Oracle Communications Cloud Native Core Unified Data Repository |
| Oracle Communications Core Session Manager, versions 8.2.5, 8.4.5 | Oracle Communications Core Session Manager |
| Oracle Communications Design Studio, version 7.4.2 | Oracle Communications Design Studio |
| Oracle Communications Instant Messaging Server, version 10.0.1.5.0 | Oracle Communications Instant Messaging Server |
| Oracle Communications IP Service Activator | Oracle Communications IP Service Activator |
| Oracle Communications Offline Mediation Controller, versions prior to 12.0.0.4.4, prior to 12.0.0.5.1 | Oracle Communications Offline Mediation Controller |
| Oracle Communications Operations Monitor, versions 4.3, 4.4, 5.0 | Oracle Communications Operations Monitor |
| Oracle Communications Session Border Controller, versions 8.4, 9.0, 9.1 | Oracle Communications Session Border Controller |
| Oracle Communications Unified Inventory Management, versions 7.4.1, 7.4.2, 7.5.0 | Oracle Communications Unified Inventory Management |
| Oracle Communications Unified Session Manager, version 8.2.5 | Oracle Communications Unified Session Manager |
| Oracle Crystal Ball, versions 11.1.2.0.0-11.1.2.4.900 | Oracle Construction and Engineering Suite |
| Oracle Data Integrator | Fusion Middleware |
| Oracle Database Server, versions 12.1.0.2, 19c, 21c | Database |
| Oracle E-Business Suite, versions 12.2.3-12.2.11 | Oracle E-Business Suite |
| Oracle Enterprise Communications Broker, version 3.3 | Oracle Enterprise Communications Broker |
| Oracle Enterprise Operations Monitor, versions 4.3, 4.4, 5.0 | Oracle Enterprise Operations Monitor |
| Oracle Enterprise Session Border Controller, versions 8.4, 9.0, 9.1 | Oracle Enterprise Session Border Controller |
| Oracle Essbase, version 21.3 | Database |
| Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.7.0-8.1.0.0, 8.1.1.0, 8.1.2.0, 8.1.2.1 | Oracle Financial Services Analytical Applications Infrastructure |
| Oracle Financial Services Behavior Detection Platform, versions 8.0.7.0, 8.0.8.0, 8.1.1.0-8.1.2.1 | Oracle Financial Services Behavior Detection Platform |
| Oracle Financial Services Crime and Compliance Management Studio, versions 8.0.8.2.0, 8.0.8.3.0 | Oracle Financial Services Crime and Compliance Management Studio |
| Oracle Financial Services Enterprise Case Management, versions 8.0.7.1, 8.0.7.2, 8.0.8.0, 8.0.8.1, 8.1.1.0-8.1.2.1 | Oracle Financial Services Enterprise Case Management |
| Oracle Financial Services Revenue Management and Billing, versions 2.9.0.0.0, 2.9.0.1.0, 3.0.0.0.0-3.2.0.0.0, 4.0.0.0.0 | Oracle Financial Services Revenue Management and Billing |
| Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition, versions 8.0.7.0, 8.0.8.0 | Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition |
| Oracle FLEXCUBE Core Banking, versions 5.2, 11.6-11.8, 11.10 | Contact Support |
| Oracle FLEXCUBE Private Banking, version 12.1 | Contact Support |
| Oracle FLEXCUBE Universal Banking, versions 12.1-12.4, 14.0-14.3, 14.5 | Contact Support |
| Oracle Global Lifecycle Management NextGen OUI Framework, versions prior to 13.9.4.2.10 | Fusion Middleware |
| Oracle Global Lifecycle Management OPatch, versions prior to 12.2.0.1.30 | Global Lifecycle Management |
| Oracle GoldenGate, versions [19c] prior to 19.1.0.0.220719, [21c] prior to 21.7.0.0.0 | Database |
| Oracle GraalVM Enterprise Edition, versions 20.3.6, 21.3.2, 22.1.0 | Java SE |
| Oracle Graph Server and Client, versions prior to 22.2.0 | Database |
| Oracle Health Sciences Data Management Workbench, versions 2.4.8.7, 2.5.2.1, 3.0.0.0, 3.1.0.3 | Health Sciences |
| Oracle Health Sciences Empirica Signal, versions 9.1.0.52, 9.2.0.52 | Health Sciences |
| Oracle Health Sciences Information Manager, versions 3.0.0.1, 3.0.1.0-3.0.5.0 | HealthCare Applications |
| Oracle Healthcare Foundation, versions 8.1.0, 8.2.0, 8.2.1 | HealthCare Applications |
| Oracle Hospitality Cruise Shipboard Property Management System, version 20.2.1 | Oracle Hospitality Cruise Shipboard Property Management System |
| Oracle Hospitality Inventory Management, version 9.1 | Oracle Hospitality Inventory Management |
| Oracle Hospitality Materials Control, version 18.1 | Oracle Hospitality Materials Control |
| Oracle Hospitality OPERA 5, version 5.6 | Oracle Hospitality OPERA 5 Property Services |
| Oracle HTTP Server, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
| Oracle Identity Management Suite | Fusion Middleware |
| Oracle Identity Manager Connector | Fusion Middleware |
| Oracle Java SE, versions 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1 | Java SE |
| Oracle Managed File Transfer, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
| Oracle Middleware Common Libraries and Tools, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
| Oracle NoSQL Database | NoSQL Database |
| Oracle Policy Automation, versions 12.2.0-12.2.25 | Oracle Policy Automation |
| Oracle Policy Automation for Mobile Devices, versions 12.2.0-12.2.24 | Oracle Policy Automation |
| Oracle Product Lifecycle Analytics, version 3.6.1 | Oracle Supply Chain Products |
| Oracle REST Data Services, versions prior to 22.1.1 | Database |
| Oracle Retail Allocation, versions 15.0.3.1, 16.0.3 | Retail Applications |
| Oracle Retail Bulk Data Integration, version 16.0.3 | Retail Applications |
| Oracle Retail Customer Insights, versions 15.0.2, 16.0.2 | Retail Applications |
| Oracle Retail Customer Management and Segmentation Foundation, versions 17.0, 18.0, 19.0 | Retail Applications |
| Oracle Retail Extract Transform and Load, version 13.2.5 | Retail Applications |
| Oracle Retail Financial Integration, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1 | Retail Applications |
| Oracle Retail Integration Bus, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1 | Retail Applications |
| Oracle Retail Merchandising System, versions 16.0.3, 19.0.1 | Retail Applications |
| Oracle Retail Order Broker, versions 18.0, 19.1 | Retail Applications |
| Oracle Retail Pricing, version 19.0.1 | Retail Applications |
| Oracle Retail Sales Audit, versions 15.0.3.1, 16.0.3 | Retail Applications |
| Oracle Retail Xstore Point of Service, versions 17.0.4, 18.0.3, 19.0.2, 20.0.1, 21.0.1 | Retail Applications |
| Oracle SD-WAN Edge, versions 9.0, 9.1 | Oracle SD-WAN Edge |
| Oracle Security Service, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
| Oracle SOA Suite, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
| Oracle Solaris, versions 10, 11 | Systems |
| Oracle Spatial Studio, versions prior to 22.1.0 | Database |
| Oracle SQL Developer | Database |
| Oracle Stream Analytics, versions [19c] prior to 19.1.0.0.6.4 | Database |
| Oracle TimesTen In-Memory Database, versions prior to 22.1.1.1.0 | Database |
| Oracle Transportation Management, version 1.4.4 | Oracle Supply Chain Products |
| Oracle Utilities Framework, versions 4.3.0.5.0, 4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0 | Oracle Utilities Applications |
| Oracle VM VirtualBox, versions prior to 6.1.36 | Virtualization |
| Oracle WebCenter Content, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
| Oracle WebCenter Portal, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
| Oracle WebCenter Sites Support Tools, versions prior to 4.4.2 | Fusion Middleware |
| Oracle WebLogic Server, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | Fusion Middleware |
| Oracle Weblogic Server Proxy Plug-in, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
| Oracle ZFS Storage Appliance Kit, version 8.8 | Systems |
| PeopleSoft Enterprise PeopleTools, versions 8.58, 8.59 | PeopleSoft |
| Primavera Gateway, versions 17.12.0-17.12.11, 18.8.0-18.8.14, 19.12.0-19.12.13, 20.12.0-20.12.8, 21.12.0-21.12.1 | Oracle Construction and Engineering Suite |
| Primavera P6 Enterprise Project Portfolio Management, versions 17.12.0.0-17.12.20.4, 18.8.0.0-18.8.25.4, 19.12.0.0-19.12.19.0, 20.12.0.0-20.12.14.0, 21.12.0.0-21.12.4.0 | Oracle Construction and Engineering Suite |
| Primavera Unifier, versions 17.7-17.12, 18.8, 19.12, 20.12, 21.12 | Oracle Construction and Engineering Suite |
| Siebel Applications, versions 22.6 and prior | Siebel |


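□ Remediation
 o Review the " items, then apply the patches after consultation and review with the vendor and the maintenance provider [1]
 o Java SE users are advised to download [2] and install the latest update for their installed product, or to enable automatic Java update notifications [3]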

□ Other Inquiries
 o Korea Internet & Security Agency (KISA) Cyber Complaint Center: dial 118 (no area code)

[References]
[1] https://www.oracle.com/security-alerts/cpujul2022.html
[2] http://www.oracle.com/technetwork/java/javase/downloads/index.html
[3] https://www.java.com/ko/download/help/java_update.html
 

□ Prepared by: Incident Analysis Group, Vulnerability Analysis Team

 
