
[Security Issue] Oracle Critical Patch Update Security Update Advisory

이호스트ICT 2022. 7. 28. 10:00

 

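□ Overview
 o Oracle announced patches for 349 security vulnerabilities in its products in its CPU [1]
   CPU (Critical Patch Update): Oracle's critical security update
 o Users of affected versions may be vulnerable to malware infection and similar threats, so updating to the latest version according to the remediation below is recommended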

□ Affected products and versions

Affected product | Patch-related document
Autonomous Health Framework | Oracle Autonomous Health Framework
Big Data Spatial and Graph, versions prior to 23.1 | Data
Enterprise Manager Base Platform, versions 13.4.0.0, 13.5.0.0 | Enterprise Manager
Enterprise Manager for MySQL Data | Enterprise Manager
Enterprise Manager Ops Center, version 12.4.0.0 | Enterprise Manager
JD Edwards EnterpriseOne Orchestrator, versions 9.2.6.3 and prior | JD Edwards
JD Edwards EnterpriseOne Tools, versions 9.2.6.3 and prior | JD Edwards
MySQL Cluster, versions 7.4.36 and prior, 7.5.26 and prior, 7.6.22 and prior, 8.0.29 and prior, and 8.0.29 and prior | MySQL
MySQL Enterprise Monitor, versions 8.0.30 and prior | MySQL
MySQL Server, versions 5.7.38 and prior, 8.0.29 and prior | MySQL
MySQL Shell, versions 8.0.28 and prior | MySQL
MySQL Shell for VS Code, versions 1.1.8 and prior | MySQL
MySQL Workbench, versions 8.0.29 and prior | MySQL
Oracle Agile Engineering Data Management, version 6.2.1.0 | Oracle Supply Chain Products
Oracle Agile PLM, version 9.3.6 | Oracle Supply Chain Products
Oracle Agile Product Lifecycle Management for Process, versions 6.2.2, 6.2.3 | Oracle Supply Chain Products
Oracle Application Express, versions prior to 22.1.1 | Data
Oracle Application Testing Suite, version 13.3.0.1 | Enterprise Manager
Oracle Autovue for Agile Product Lifecycle Management, version 21.0.2 | Oracle Supply Chain Products
Oracle Banking Branch, version 14.5 | Contact Support
Oracle Banking Cash Management, version 14.5 | Contact Support
Oracle Banking Corporate Lending Process Management, version 14.5 | Contact Support
Oracle Banking Credit Facilities Process Management, version 14.5 | Contact Support
Oracle Banking Deposits and Lines of Credit Servicing, version 2.7 | Contact Support
Oracle Banking Electronic Data Exchange for Corporates, version 14.5 | Contact Support
Oracle Banking Liquidity Management, versions 14.2, 14.5 | Contact Support
Oracle Banking Origination, version 14.5 | Contact Support
Oracle Banking Party Management, version 2.7 | Oracle Banking Platform
Oracle Banking Platform, versions 2.6.2, 2.9, 2.12 | Oracle Banking Platform
Oracle Banking Supply Chain Finance, version 14.5 | Contact Support
Oracle Banking Trade Finance, version 14.5 | Contact Support
Oracle Banking Trade Finance Process Management, version 14.5 | Contact Support
Oracle Banking Virtual Account Management, version 14.5 | Contact Support
Oracle Berkeley DB | Berkeley DB
Oracle BI Publisher, versions 12.2.1.3.0, 12.2.1.4.0 | Oracle Analytics
Oracle Blockchain Platform | Oracle Blockchain Platform
Oracle Business Intelligence Enterprise Edition, version 5.9.0.0.0 | Oracle Analytics
Oracle Coherence, versions 3.7.1.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | Fusion Middleware
Oracle Commerce Guided Search, version 11.3.2 | Oracle Commerce
Oracle Commerce Merchandising, version 11.3.2 | Oracle Commerce
Oracle Commerce Platform, versions 11.3.0, 11.3.1, 11.3.2 | Oracle Commerce
Oracle Communications ASAP, version 7.3 | Oracle Communications ASAP
Oracle Communications Billing and Revenue Management, versions 12.0.0.4.0-12.0.0.6.0 | Oracle Communications Billing and Revenue Management
Oracle Communications BRM - Elastic Charging Engine, versions prior to 12.0.0.4.6, prior to 12.0.0.5.1 | Oracle Communications BRM - Elastic Charging Engine
Oracle Communications Cloud Native Core Binding Support Function, versions 22.1.3, 22.2.0 | Oracle Communications Cloud Native Core Binding Support Function
Oracle Communications Cloud Native Core Console, versions 22.1.2, 22.2.0 | Oracle Communications Cloud Native Core Console
Oracle Communications Cloud Native Core Network Exposure Function, version 22.1.1 | Oracle Communications Cloud Native Core Network Exposure Function
Oracle Communications Cloud Native Core Network Function Cloud Native Environment, versions 22.1.0, 22.1.2, 22.2.0 | Oracle Communications Cloud Native Core Network Function Cloud Native Environment
Oracle Communications Cloud Native Core Network Repository Function, versions 22.1.2, 22.2.0 | Oracle Communications Cloud Native Core Network Repository Function
Oracle Communications Cloud Native Core Network Slice Selection Function, version 22.1.1 | Oracle Communications Cloud Native Core Network Slice Selection Function
Oracle Communications Cloud Native Core Policy, versions 22.1.3, 22.2.0 | Oracle Communications Cloud Native Core Policy
Oracle Communications Cloud Native Core Security Edge Protection Proxy, version 22.1.1 | Oracle Communications Cloud Native Core Security Edge Protection Proxy
Oracle Communications Cloud Native Core Service Communication Proxy, version 22.2.0 | Oracle Communications Cloud Native Core Service Communication Proxy
Oracle Communications Cloud Native Core Unified Data Repository, version 22.2.0 | Oracle Communications Cloud Native Core Unified Data Repository
Oracle Communications Core Session Manager, versions 8.2.5, 8.4.5 | Oracle Communications Core Session Manager
Oracle Communications Design Studio, version 7.4.2 | Oracle Communications Design Studio
Oracle Communications Instant Messaging Server, version 10.0.1.5.0 | Oracle Communications Instant Messaging Server
Oracle Communications IP Service Activator | Oracle Communications IP Service Activator
Oracle Communications Offline Mediation Controller, versions prior to 12.0.0.4.4, prior to 12.0.0.5.1 | Oracle Communications Offline Mediation Controller
Oracle Communications Operations Monitor, versions 4.3, 4.4, 5.0 | Oracle Communications Operations Monitor
Oracle Communications Session Border Controller, versions 8.4, 9.0, 9.1 | Oracle Communications Session Border Controller
Oracle Communications Unified Inventory Management, versions 7.4.1, 7.4.2, 7.5.0 | Oracle Communications Unified Inventory Management
Oracle Communications Unified Session Manager, version 8.2.5 | Oracle Communications Unified Session Manager
Oracle Crystal Ball, versions 11.1.2.0.0-11.1.2.4.900 | Oracle Construction and Engineering Suite
Oracle Data Integrator | Fusion Middleware
Oracle Data Server, versions 12.1.0.2, 19c, 21c | Data
Oracle E-Business Suite, versions 12.2.3-12.2.11 | Oracle E-Business Suite
Oracle Enterprise Communications Broker, version 3.3 | Oracle Enterprise Communications Broker
Oracle Enterprise Operations Monitor, versions 4.3, 4.4, 5.0 | Oracle Enterprise Operations Monitor
Oracle Enterprise Session Border Controller, versions 8.4, 9.0, 9.1 | Oracle Enterprise Session Border Controller
Oracle Ess, version 21.3 | Data
Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.7.0-8.1.0.0, 8.1.1.0, 8.1.2.0, 8.1.2.1 | Oracle Financial Services Analytical Applications Infrastructure
Oracle Financial Services Behavior Detection Platform, versions 8.0.7.0, 8.0.8.0, 8.1.1.0-8.1.2.1 | Oracle Financial Services Behavior Detection Platform
Oracle Financial Services Crime and Compliance Management Studio, versions 8.0.8.2.0, 8.0.8.3.0 | Oracle Financial Services Crime and Compliance Management Studio
Oracle Financial Services Enterprise Case Management, versions 8.0.7.1, 8.0.7.2, 8.0.8.0, 8.0.8.1, 8.1.1.0-8.1.2.1 | Oracle Financial Services Enterprise Case Management
Oracle Financial Services Revenue Management and Billing, versions 2.9.0.0.0, 2.9.0.1.0, 3.0.0.0.0-3.2.0.0.0, 4.0.0.0.0 | Oracle Financial Services Revenue Management and Billing
Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition, versions 8.0.7.0, 8.0.8.0 | Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
Oracle FLEXCUBE Core Banking, versions 5.2, 11.6-11.8, 11.10 | Contact Support
Oracle FLEXCUBE Private Banking, version 12.1 | Contact Support
Oracle FLEXCUBE Universal Banking, versions 12.1-12.4, 14.0-14.3, 14.5 | Contact Support
Oracle Global Lifecycle Management NextGen OUI Framework, versions prior to 13.9.4.2.10 | Fusion Middleware
Oracle Global Lifecycle Management OPatch, versions prior to 12.2.0.1.30 | Global Lifecycle Management
Oracle GoldenGate, versions [19c] prior to 19.1.0.0.220719, [21c] prior to 21.7.0.0.0 | Data
Oracle GraalVM Enterprise Edition, versions 20.3.6, 21.3.2, 22.1.0 | Java SE
Oracle Graph Server and Client, versions prior to 22.2.0 | Data
Oracle Health Sciences Data Management Workbench, versions 2.4.8.7, 2.5.2.1, 3.0.0.0, 3.1.0.3 | Health Sciences
Oracle Health Sciences Empirica Signal, versions 9.1.0.52, 9.2.0.52 | Health Sciences
Oracle Health Sciences Information Manager, versions 3.0.0.1, 3.0.1.0-3.0.5.0 | HealthCare Applications
Oracle Healthcare Foundation, versions 8.1.0, 8.2.0, 8.2.1 | HealthCare Applications
Oracle Hospitality Cruise Shipboard Property Management System, version 20.2.1 | Oracle Hospitality Cruise Shipboard Property Management System
Oracle Hospitality Inventory Management, version 9.1 | Oracle Hospitality Inventory Management
Oracle Hospitality Materials Control, version 18.1 | Oracle Hospitality Materials Control
Oracle Hospitality OPERA 5, version 5.6 | Oracle Hospitality OPERA 5 Property Services
Oracle HTTP Server, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Identity Management Suite | Fusion Middleware
Oracle Identity Manager Connector | Fusion Middleware
Oracle Java SE, versions 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1 | Java SE
Oracle Managed File Transfer, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Middleware Common Libraries and Tools, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle NoSQL Data | NoSQL Data
Oracle Policy Automation, versions 12.2.0-12.2.25 | Oracle Policy Automation
Oracle Policy Automation for Mobile Devices, versions 12.2.0-12.2.24 | Oracle Policy Automation
Oracle Product Lifecycle Analytics, version 3.6.1 | Oracle Supply Chain Products
Oracle REST Data Services, versions prior to 22.1.1 | Data
Oracle Retail Allocation, versions 15.0.3.1, 16.0.3 | Retail Applications
Oracle Retail Bulk Data Integration, version 16.0.3 | Retail Applications
Oracle Retail Customer Insights, versions 15.0.2, 16.0.2 | Retail Applications
Oracle Retail Customer Management and Segmentation Foundation, versions 17.0, 18.0, 19.0 | Retail Applications
Oracle Retail Extract Transform and Load, version 13.2.5 | Retail Applications
Oracle Retail Financial Integration, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1 | Retail Applications
Oracle Retail Integration Bus, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1 | Retail Applications
Oracle Retail Merchandising System, versions 16.0.3, 19.0.1 | Retail Applications
Oracle Retail Order Broker, versions 18.0, 19.1 | Retail Applications
Oracle Retail Pricing, version 19.0.1 | Retail Applications
Oracle Retail Sales Audit, versions 15.0.3.1, 16.0.3 | Retail Applications
Oracle Retail Xstore Point of Service, versions 17.0.4, 18.0.3, 19.0.2, 20.0.1, 21.0.1 | Retail Applications
Oracle SD-WAN Edge, versions 9.0, 9.1 | Oracle SD-WAN Edge
Oracle Security Service, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle SOA Suite, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Solaris, versions 10, 11 | Systems
Oracle Spatial Studio, versions prior to 22.1.0 | Data
Oracle SQL Developer | Data
Oracle Stream Analytics, versions [19c] prior to 19.1.0.0.6.4 | Data
Oracle TimesTen In-Memory Data, versions prior to 22.1.1.1.0 | Data
Oracle Transportation Management, version 1.4.4 | Oracle Supply Chain Products
Oracle Utilities Framework, versions 4.3.0.5.0, 4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0 | Oracle Utilities Applications
Oracle VM VirtualBox, versions prior to 6.1.36 | Virtualization
Oracle WebCenter Content, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle WebCenter Portal, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle WebCenter Sites Support Tools, versions prior to 4.4.2 | Fusion Middleware
Oracle WebLogic Server, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | Fusion Middleware
Oracle Weblogic Server Proxy Plug-in, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle ZFS Storage Appliance Kit, version 8.8 | Systems
PeopleSoft Enterprise PeopleTools, versions 8.58, 8.59 | PeopleSoft
Primavera Gateway, versions 17.12.0-17.12.11, 18.8.0-18.8.14, 19.12.0-19.12.13, 20.12.0-20.12.8, 21.12.0-21.12.1 | Oracle Construction and Engineering Suite
Primavera P6 Enterprise Project Portfolio Management, versions 17.12.0.0-17.12.20.4, 18.8.0.0-18.8.25.4, 19.12.0.0-19.12.19.0, 20.12.0.0-20.12.14.0, 21.12.0.0-21.12.4.0 | Oracle Construction and Engineering Suite
Primavera Unifier, versions 17.7-17.12, 18.8, 19.12, 20.12, 21.12 | Oracle Construction and Engineering Suite
Siebel Applications, versions 22.6 and prior | Siebel


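□ Remediation
 o Review the "Oracle Critical Patch Update Advisory - July 2022" document and the patch details, then apply the patches after consulting and reviewing with the vendor and the maintenance provider [1]
 o JAVA SE users are advised to download [2] and install the latest update for their installed product, or to enable automatic Java update notifications [3]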

□ Other inquiries
 o Korea Internet & Security Agency (KISA) Cyber Civil Complaint Center: dial 118 (no area code)

[References]
[1] https://www.oracle.com/security-s/cpujul2022.html
[2] http://www.oracle.com/technetwork/java/javase/downloads/index.html
[3] https://www.java.com/ko/download/help/java_update.html


□ Prepared by: Vulnerability Analysis Team, Incident Analysis Division