
[Security Issue] Oracle Critical Patch Update Security Update Advisory

이호스트ICT 2021. 4. 27. 13:35

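□ Overview
 o In its CPU, Oracle released patches for 390 security vulnerabilities in its products [1]
  ※ CPU (Critical Patch Update): Oracle's critical security update
 o Users of affected versions may be vulnerable to malware infection and similar threats, so updating to the latest version according to the remediation below is recommended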

□ Affected products and versions

Affected product | Patch-related document
Agile Product Lifecycle Management Integration Pack for Oracle E-Business Suite, versions 3.5, 3.6 | Oracle Supply Chain Products
Agile Product Lifecycle Management Integration Pack for SAP: Design to Release, versions 3.5, 3.6 | Oracle Supply Chain Products
Enterprise Manager Base Platform, version 13.4.0.0 | Enterprise Manager
Enterprise Manager for Fusion Middleware, versions 12.2.1.4, 13.4.0.0 | Enterprise Manager
Enterprise Manager for Virtualization, version 13.4.0.0 | Enterprise Manager
Enterprise Manager Ops Center, version 12.4.0.0 | Enterprise Manager
FMW Platform, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Hyperion Analytic Provider Services, versions 11.1.2.4, 12.2.1.4 | Fusion Middleware
Hyperion Financial Management, version 11.1.2.4 | Fusion Middleware
Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3 | Oracle Construction and Engineering Suite
JD Edwards EnterpriseOne Orchestrator, versions prior to 9.2.5.3 | JD Edwards
JD Edwards EnterpriseOne Tools, versions prior to 9.2.4.0, prior to 9.2.5.3 | JD Edwards
JD Edwards World Security, version A9.4 | JD Edwards
MySQL Cluster, versions 8.0.23 and prior | MySQL
MySQL Enterprise Monitor, versions 8.0.23 and prior | MySQL
MySQL Server, versions 5.7.33 and prior, 8.0.23 and prior | MySQL
MySQL Workbench, versions 8.0.23 and prior | MySQL
Oracle Advanced Supply Chain Planning, versions 12.1, 12.2 | Oracle Supply Chain Products
Oracle Agile PLM, versions 9.3.3, 9.3.5, 9.3.6 | Oracle Supply Chain Products
Oracle API Gateway, version 11.1.2.4.0 | Fusion Middleware
Oracle Application Express, versions prior to 20.2 | Database
Oracle Application Testing Suite, version 13.3.0.1 | Enterprise Manager
Oracle BAM (Business Activity Monitoring), versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Banking Platform, versions 2.4.0, 2.6.2, 2.7.0, 2.7.1, 2.8.0, 2.9.0, 2.10.0 | Oracle Banking Platform
Oracle Business Intelligence Enterprise Edition, versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Cloud Infrastructure Storage Gateway, versions prior to 1.4 | Contact Support
Oracle Coherence, versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | Fusion Middleware
Oracle Commerce Guided Search, versions 11.3.0, 11.3.1, 11.3.2 | Oracle Commerce
Oracle Commerce Merchandising, versions 0, 11.0.0, 11.1, 11.2.0, 11.3.0, 11.3.1, 11.3.2 | Oracle Commerce
Oracle Communications Application Session Controller, version 3.9m0p3 | Oracle Communications Application Session Controller
Oracle Communications Calendar Server, version 8.0 | Oracle Communications Calendar Server
Oracle Communications Contacts Server, version 8.0 | Oracle Communications Contacts Server
Oracle Communications Converged Application Server - Service Controller, version 6.2 | Oracle Communications Converged Application Server - Service Controller
Oracle Communications Design Studio, version 7.4.2 | Oracle Communications Design Studio
Oracle Communications Interactive Session Recorder, versions 6.3, 6.4 | Oracle Communications Interactive Session Recorder
Oracle Communications Messaging Server, versions 8.0.2, 8.1, 8.1.0 | Oracle Communications Messaging Server
Oracle Communications MetaSolv Solution, versions 6.3.0, 6.3.1 | Oracle Communications MetaSolv Solution
Oracle Communications Performance Intelligence Center Software, versions 10.4.0.2, 10.4.0.3 | Oracle Communications Performance Intelligence Center (PIC) Software
Oracle Communications Services Gatekeeper, versions 6.0, 6.1, 7.0 | Oracle Communications Services Gatekeeper
Oracle Communications Session Border Controller, versions Cz8.2, Cz8.3, Cz8.4 | Oracle Communications Session Border Controller
Oracle Communications Session Router, versions Cz8.2, Cz8.3, Cz8.4 | Oracle Communications Session Router
Oracle Communications Subscriber-Aware Load Balancer, versions Cz8.2, Cz8.3, Cz8.4 | Oracle Communications Subscriber-Aware Load Balancer
Oracle Communications Unified Inventory Management, versions 7.3.4, 7.3.5, 7.4.0, 7.4.1 | Oracle Communications Unified Inventory Management
Oracle Communications Unified Session Manager, version SCz8.2.5 | Oracle Communications Unified Session Manager
Oracle Database Server, versions 12.1.0.2, 12.2.0.1, 18c, 19c | Database
Oracle E-Business Suite, versions 12.1.1-12.1.3, 12.2.3-12.2.10 | E-Business Suite
Oracle Endeca Information Discovery Studio, version 3.2.0.0 | Fusion Middleware
Oracle Enterprise Communications Broker, versions PCZ3.1, PCZ3.2, PCZ3.3 | Oracle Enterprise Communications Broker
Oracle Enterprise Repository, version 11.1.1.7.0 | Fusion Middleware
Oracle Enterprise Session Border Controller, versions Cz8.2, Cz8.3, Cz8.4 | Oracle Enterprise Session Border Controller
Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.6-8.1.0 | Oracle Financial Services Analytical Applications Infrastructure
Oracle FLEXCUBE Direct Banking, versions 12.0.2, 12.0.3 | Contact Support
Oracle FLEXCUBE Private Banking, versions 12.0.0, 12.1.0 | Contact Support
Oracle Fusion Middleware, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Fusion Middleware MapViewer, version 12.2.1.4.0 | Fusion Middleware
Oracle Global Lifecycle Management OPatch, versions prior to 12.2.0.1.22 | Global Lifecycle Management
Oracle GraalVM Enterprise Edition, versions 19.3.5, 20.3.1.2, 21.0.0.2 | Oracle GraalVM Enterprise Edition
Oracle Graph Server and Client | Database
Oracle Health Sciences Empirica Signal, versions 9.0, 9.1 | Health Sciences
Oracle Health Sciences Information Manager, versions 3.0.0-3.0.2 | Health Sciences
Oracle Healthcare Foundation, versions 7.1.5, 7.2.2, 7.3.0, 7.3.1, 8.0.1 | Health Sciences
Oracle Hospitality Cruise Shipboard Property Management System, version 20.1.0 | Oracle Hospitality Cruise Shipboard Property Management System
Oracle Hospitality Inventory Management, version 9.1.0 | Oracle Hospitality Inventory Management
Oracle Hospitality OPERA 5, versions 5.5, 5.6 | Oracle Hospitality OPERA 5 Property Services
Oracle Hospitality RES 3700, versions 5.7.0-5.7.6 | Oracle Hospitality RES
Oracle HTTP Server, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Identity Manager Connector, version 11.1.1.5.0 | Fusion Middleware
Oracle iLearning, versions 6.2, 6.3 | iLearning
Oracle Insurance Data Gateway, version 1.0.2.3 | Oracle Insurance Applications
Oracle Java SE, versions 7u291, 8u281, 11.0.10, 16 | Java SE
Oracle Java SE Embedded, version 8u281 | Java SE
Oracle NoSQL Database, versions prior to 20.3 | NoSQL Database
Oracle Outside In Technology, version 8.5.5 | Fusion Middleware
Oracle Platform Security for Java, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Rapid Planning, version 12.1.3 | Oracle Supply Chain Products
Oracle REST Data Services, versions prior to 20.4.3.50.1904 | Database
Oracle Retail Advanced Inventory Planning, version 14.1 | Retail Applications
Oracle Retail Assortment Planning, version 16.0.3 | Retail Applications
Oracle Retail Back Office, version 14.1 | Retail Applications
Oracle Retail Category Management Planning & Optimization, version 16.0.3 | Retail Applications
Oracle Retail Central Office, version 14.1 | Retail Applications
Oracle Retail EFTLink, versions 15.0.2, 16.0.3, 17.0.2, 18.0.1, 19.0.1, 20.0.0 | Retail Applications
Oracle Retail Insights Cloud Service Suite, version 19.0 | Retail Applications
Oracle Retail Item Planning, version 16.0.3 | Retail Applications
Oracle Retail Macro Space Optimization, version 16.0.3 | Retail Applications
Oracle Retail Merchandise Financial Planning, version 16.0.3 | Retail Applications
Oracle Retail Merchandising System, version 16.0.3 | Retail Applications
Oracle Retail Point-of-Service, version 14.1 | Retail Applications
Oracle Retail Predictive Application Server, versions 14.1, 15.0, 16.0 | Retail Applications
Oracle Retail Regular Price Optimization, version 16.0.3 | Retail Applications
Oracle Retail Replenishment Optimization, version 16.0.3 | Retail Applications
Oracle Retail Returns Management, version 14.1 | Retail Applications
Oracle Retail Sales Audit, version 14.0 | Retail Applications
Oracle Retail Size Profile Optimization, version 16.0.3 | Retail Applications
Oracle Retail Store Inventory Management, versions 14.1.3.10, 15.0.3.5, 16.0.3.5 | Retail Applications
Oracle Retail Xstore Point of Service, versions 15.0.4, 16.0.6, 17.0.4, 18.0.3, 19.0.2 | Retail Applications
Oracle SD-WAN Aware, version 8.2 | Oracle SD-WAN Aware
Oracle SD-WAN Edge, versions 8.2, 9.0 | Oracle SD-WAN Edge
Oracle Secure Backup | Oracle Secure Backup
Oracle Secure Global Desktop, version 5.6 | Virtualization
Oracle Security Service, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Service Bus, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Solaris, versions 10, 11 | Systems
Oracle Spatial Studio, versions prior to 19.1.0, prior to 20.1.1 | Database
Oracle SQL Developer, versions prior to 20.4.1.407.6 | Database
Oracle Storage Cloud Software Appliance, versions prior to 16.3.1.4.2 | Contact Support
Oracle TimesTen In-Memory Database | Database
Oracle Utilities Framework, versions 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0 | Oracle Utilities Applications
Oracle VM VirtualBox, versions prior to 6.1.20 | Virtualization
Oracle WebCenter Portal, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | Fusion Middleware
Oracle WebLogic Server Proxy Plug-In, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle ZFS Storage Appliance Kit, version 8.8 | Systems
OSS Support Tools, versions prior to 2.12.41 | Support Tools
PeopleSoft Enterprise CS Campus Community, version 9.2 | PeopleSoft
PeopleSoft Enterprise FIN Common Application Objects, version 9.2 | PeopleSoft
PeopleSoft Enterprise FIN Expenses, version 9.2 | PeopleSoft
PeopleSoft Enterprise PeopleTools, versions 8.56, 8.57, 8.58 | PeopleSoft
PeopleSoft Enterprise PT PeopleTools, versions 8.56, 8.57, 8.58 | PeopleSoft
PeopleSoft Enterprise SCM eProcurement, version 9.2 | PeopleSoft
PeopleSoft Enterprise SCM Purchasing, version 9.2 | PeopleSoft
Primavera Gateway, versions 17.12.0-17.12.10 | Oracle Construction and Engineering Suite
Primavera Unifier, versions 16.1, 16.2, 17.7-17.12, 18.8, 19.12, 20.12 | Oracle Construction and Engineering Suite
Siebel Applications, versions 21.2 and prior | Siebel

 
 
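□ Remediation
 o Review the "Oracle Critical Patch Update Advisory – April 2021" document and the patch details, then apply the patches after consulting and reviewing with the vendor and the maintenance provider [1]
 o Java SE users are advised to download [2] and install the latest update for the installed product, or to enable automatic Java update notifications [3]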
 
□ Other inquiries
 o Korea Internet & Security Agency (KISA) Cyber Complaint Center: dial 118 (no area code)

[References]
[1] https://www.oracle.com/security-alerts/cpuapr2021.html
[2] http://www.oracle.com/technetwork/java/javase/downloads/index.html
[3] https://www.java.com/ko/download/help/java_update.xml


□ Prepared by: Vulnerability Analysis Team, Incident Analysis Division