[Security Issue] Oracle Critical Patch Update Security Update Advisory

이호스트ICT 2022. 10. 19. 19:10

 

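□ Overview
 o Oracle announced patches for 370 security vulnerabilities in its products in its CPU [1]
   CPU (Critical Patch Update): Oracle's critical security update
 o Users of affected versions may be vulnerable to malware infection and similar threats, so updating to the latest version as described in the remediation section below is recommended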

□ Affected products and versions

Affected product | Patch-related document
Application Management Pack for Oracle E-Business Suite, version 13.4.1.0.0 | Oracle E-Business Suite
Big Data Spatial and Graph | Data
Enterprise Manager Base Platform, versions 13.4.0.0, 13.5.0.0 | Enterprise Manager
Enterprise Manager for Virtualization, versions 13.4.0.0, 13.5.0.0 | Enterprise Manager
Enterprise Manager Ops Center, version 12.4.0.0 | Enterprise Manager
JD Edwards EnterpriseOne Orchestrator, versions 9.2.6.4 and prior | JD Edwards
JD Edwards EnterpriseOne Tools, versions 9.2.6.4 and prior | JD Edwards
MySQL Connectors, versions 8.0.30 and prior | MySQL
MySQL Enterprise Backup, versions 4.1.4 and prior | MySQL
MySQL Enterprise Monitor, versions 8.0.31 and prior | MySQL
MySQL Installer, versions 1.6.3 and prior | MySQL
MySQL Server, versions 5.7.39 and prior, 8.0.30 and prior | MySQL
MySQL Shell, versions 8.0.30 and prior | MySQL
MySQL Workbench, versions 8.0.30 and prior | MySQL
Oracle Access Manager, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Agile Engineering Data Management, version 6.2.1.0 | Oracle Supply Chain Products
Oracle Agile PLM, version 9.3.6 | Oracle Supply Chain Products
Oracle Airlines Data Model | Oracle Airlines Data Model
Oracle Application Express | Data
Oracle AutoVue, version 21.0.2 | Oracle Supply Chain Products
Oracle Autovue for Agile Product Lifecycle Management, version 21.0.2 | Oracle Supply Chain Products
Oracle Banking Enterprise Default Management, version 2.12.0 | Oracle Banking Platform
Oracle Banking Loans Servicing, versions 2.8.0, 2.12.0 | Contact Support
Oracle Banking Party Management, version 2.7.0 | Oracle Banking Platform
Oracle Banking Platform, versions 2.7.1, 2.9.0, 2.12.0 | Oracle Banking Platform
Oracle BI Publisher, versions 5.9.0.0, 6.4.0.0.0, 12.2.1.3.0, 12.2.1.4.0 | Oracle Analytics
Oracle Business Activity Monitoring(Oracle BAM), versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Business Intelligence Enterprise Edition, versions 5.9.0.0, 6.4.0.0 | Oracle Analytics
Oracle Business Process Management Suite, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Coherence, versions 12.2.1.4.0, 14.1.1.0.0 | Fusion Middleware
Oracle Commerce Platform, versions 11.3.0-11.3.2 | Oracle Commerce
Oracle Communications Billing and Revenue Management, versions 12.0.0.4.0-12.0.0.7.0 | Oracle Communications Billing and Revenue Management
Oracle Communications Cloud Native Core Binding Support Function, version 22.3.0 | Oracle Communications Cloud Native Core Binding Support Function
Oracle Communications Cloud Native Core Console, version 22.2.0 | Oracle Communications Cloud Native Core Console
Oracle Communications Cloud Native Core Network Exposure Function, versions 22.2.1, 22.3.0 | Oracle Communications Cloud Native Core Network Exposure Function
Oracle Communications Cloud Native Core Network Function Cloud Native Environment, versions 1.9.0, 22.1, 22.1.0, 22.2, 22.2.0, 22.2.1 | Oracle Communications Cloud Native Core Network Function Cloud Native Environment
Oracle Communications Cloud Native Core Network Repository Function, version 22.2.2 | Oracle Communications Cloud Native Core Network Repository Function
Oracle Communications Cloud Native Core Policy, version 22.3.0 | Oracle Communications Cloud Native Core Policy
Oracle Communications Cloud Native Core Security Edge Protection Proxy, versions 22.1.1, 22.2.0, 22.2.1, 22.3.0 | Oracle Communications Cloud Native Core Security Edge Protection Proxy
Oracle Communications Cloud Native Core Service Communication Proxy, versions 22.2.3, 22.3.1, 22.4.0 | Oracle Communications Cloud Native Core Service Communication Proxy
Oracle Communications Cloud Native Core Unified Data Repository, versions 22.1.1, 22.2.1, 22.3.0 | Oracle Communications Cloud Native Core Unified Data Repository
Oracle Communications Converged Application Server - Service Controller, version 6.2 | Oracle Communications Converged Application Server - Service Controller
Oracle Communications Convergence, version 3.0.3.0 | Oracle Communications Convergence
Oracle Communications Convergent Charging Controller, versions 6.0.1.0.0, 12.0.1.0.0-12.0.5.0.0 | Oracle Communications Convergent Charging Controller
Oracle Communications Data Model, version 12.2.0.1 | Oracle Communications Data Model
Oracle Communications Design Studio, version 7.4.2 | Oracle Communications Design Studio
Oracle Communications Diameter Signaling Router, version 8.6.0.0 | Oracle Communications Diameter Signaling Router
Oracle Communications Element Manager, version 9.0 | Oracle Communications Element Manager
Oracle Communications Evolved Communications Application Server, version 7.1 | Oracle Communications Evolved Communications Application Server
Oracle Communications Instant Messaging Server, version 10.0.1.6.0 | Oracle Communications Instant Messaging Server
Oracle Communications Interactive Session Recorder, version 6.4 | Oracle Communications Interactive Session Recorder
Oracle Communications Messaging Server, version 8.1 | Oracle Communications Messaging Server
Oracle Communications MetaSolv Solution, version 6.3.1 | Oracle Communications MetaSolv Solution
Oracle Communications Network Charging and Control, versions 6.0.1.0.0, 12.0.1.0.0-12.0.5.0.0 | Oracle Communications Network Charging and Control
Oracle Communications Order and Service Management, versions 7.3, 7.4 | Oracle Communications Order and Service Management
Oracle Communications Policy Management, version 12.6.0.0.0 | Oracle Communications Policy Management
Oracle Communications Pricing Design Center, versions 12.0.0.4.0-12.0.0.7.0 | Oracle Communications Pricing Design Center
Oracle Communications Services Gatekeeper, version 7.0.0.0.0 | Oracle Communications Services Gatekeeper
Oracle Communications Session Border Controller, versions 8.4, 9.0, 9.1 | Oracle Communications Session Border Controller
Oracle Communications Session Report Manager, version 9.0 | Oracle Communications Session Report Manager
Oracle Communications Unified Assurance, versions prior to 5.5.7.0.0, 6.0.0.0.0 | Oracle Communications Unified Assurance
Oracle Communications User Data Repository, versions 12.4.0, 12.6.0, 12.6.1 | Oracle Communications User Data Repository
Oracle Communications WebRTC Session Controller, versions 7.2.0, 7.2.1 | Oracle Communications WebRTC Session Controller
Oracle Data Integrator, version 12.2.1.4.0 | Fusion Middleware
Oracle Data Server, versions 19c, 21c | Data
Oracle Documaker Enterprise Edition, versions 12.6-12.7 | Oracle Insurance Applications
Oracle E-Business Suite, versions 12.2.3-12.2.11 | Oracle E-Business Suite
Oracle Enterprise Data Quality, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Enterprise Operations Monitor, versions 4.4, 5.0 | Oracle Enterprise Operations Monitor
Oracle Ess, version 21.3 | Data
Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.7.0-8.1.0.0, 8.1.1.0, 8.1.2.0, 8.1.2.1 | Oracle Financial Services Analytical Applications Infrastructure
Oracle Financial Services Behavior Detection Platform, versions 8.0.7.2, 8.0.8.1, 8.1.1.0, 8.1.1.1, 8.1.2.0, 8.1.2.1, 8.1.2.2 | Oracle Financial Services Behavior Detection Platform
Oracle Financial Services Enterprise Case Management, versions 8.0.7.3, 8.0.8.2, 8.1.1.0, 8.1.1.1, 8.1.2.0, 8.1.2.1, 8.1.2.2 | Oracle Financial Services Enterprise Case Management
Oracle Financial Services Model Management and Governance, versions 8.0.8.0, 8.1.0.0, 8.1.1.0 | Oracle Financial Services Model Management and Governance
Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition, versions 8.0.7.0, 8.0.8.0 | Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
Oracle GoldenGate, version 19c | Data
Oracle GraalVM Enterprise Edition, versions 20.3.7, 21.3.3, 22.2.0 | Java SE
Oracle Healthcare Data Repository, versions 8.1.1, 8.1.2, 8.1.3 | HealthCare Applications
Oracle Healthcare Foundation, versions 8.1, 8.2 | HealthCare Applications
Oracle Healthcare Master Person Index, versions 5.0.0-5.0.3 | HealthCare Applications
Oracle Healthcare Translational Research, version 4.1 | HealthCare Applications
Oracle Hospitality Cruise Fleet Management System, version 9.1.5 | Oracle Hospitality Cruise Fleet Management
Oracle Hospitality Cruise Shipboard Property Management System, versions 20.2.0, 20.2.2 | Oracle Hospitality Cruise Shipboard Property Management System
Oracle Hospitality Suite8, versions 8.10.2, 8.11.0, 8.12.0, 8.13.0, 8.14.0 | Oracle Hospitality Suite8
Oracle HTTP Server, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Hyperion Infrastructure Technology, version 11.2.9 | Oracle Enterprise Performance Management
Oracle Identity Management Suite, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Insurance Insbridge Rating and Underwriting, versions 5.2.0, 5.4.0-5.6.2 | Oracle Insurance Applications
Oracle Java SE, versions 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19 | Java SE
Oracle MapViewer, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Middleware Common Libraries and Tools, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle NoSQL Data | NoSQL Data
Oracle Outside In Technology, version 8.5.6 | Fusion Middleware
Oracle Retail Assortment Planning, version 16.0.3 | Retail Applications
Oracle Retail Back Office, version 14.1 | Retail Applications
Oracle Retail Central Office, version 14.1 | Retail Applications
Oracle Retail Customer Insights, versions 15.0.2, 15.2, 16.0.2 | Retail Applications
Oracle Retail Customer Management and Segmentation Foundation, versions 17.0, 18.0, 19.0 | Retail Applications
Oracle Retail EFTLink, versions 20.0.1, 21.0.0 | Retail Applications
Oracle Retail Fiscal Management, version 14.2 | Retail Applications
Oracle Retail Merchandising System, versions 14.1.3.2, 15.0.3.1, 19.0.1 | Retail Applications
Oracle Retail Point Of Service, version 14.1 | Retail Applications
Oracle Retail Predictive Application Server, versions 14.1.3.47, 15.0.3.116, 16.0.3.260 | Retail Applications
Oracle Retail Returns Management, version 14.1 | Retail Applications
Oracle Retail Sales Audit, version 19.0.1 | Retail Applications
Oracle Retail Service Backbone, versions 14.1.3.2, 15.0.3.1, 16.0.3 | Retail Applications
Oracle SD-WAN Aware, version 9.0.1.3.0 | Oracle SD-WAN Aware
Oracle SD-WAN Edge, versions 7.0.7, 9.1.1.2.0 | Oracle SD-WAN Edge
Oracle Secure Backup, versions prior to 18.1.0.2.0 | Oracle Secure Backup
Oracle SOA Suite, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle Solaris, version 11 | Systems
Oracle Solaris Cluster, version 4 | Systems
Oracle SQL Developer | Data
Oracle TimesTen In-Memory Data | Data
Oracle Transportation Management, versions 6.4.3, 6.5.1 | Oracle Supply Chain Products
Oracle Utilities Testing Accelerator, versions 6.0.0.1.3, 6.0.0.2.4, 6.0.0.3.3, 7.0.0.0.0 | Oracle Utilities Applications
Oracle VM VirtualBox, versions prior to 6.1.40 | Virtualization
Oracle WebCenter Content, version 12.2.1.3.0 | Fusion Middleware
Oracle WebCenter Portal, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle WebCenter Sites, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware
Oracle WebLogic Server, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | Fusion Middleware
PeopleSoft Enterprise Common Components, version 9.2 | PeopleSoft
PeopleSoft Enterprise PeopleTools, versions 8.58, 8.59, 8.60 | PeopleSoft
Primavera Gateway, versions 18.8.0-18.8.15, 19.12.0-19.12.14, 20.12.0-20.12.9, 21.12.0-21.12.7 | Oracle Construction and Engineering Suite
Primavera Unifier, versions 18.8, 19.12, 20.12, 21.12 | Oracle Construction and Engineering Suite
Siebel Applications, versions 22.8 and prior | Siebel


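□ Remediation
 o Review the "Oracle Critical Patch Update Advisory - October 2022" document and the patch details, then apply the patches after consultation and review with the vendor and your maintenance provider [1]
 o Java SE users are advised to download [2] and install the latest update for their installed product, or to enable automatic Java update notifications [3]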

□ Other inquiries
 o Korea Internet & Security Agency (KISA) Cyber Complaint Center: dial 118 (no area code)

[References]
[1] https://www.oracle.com/security-alerts/cpuoct2022.html
[2] http://www.oracle.com/technetwork/java/javase/downloads/index.html
[3] https://www.java.com/ko/download/help/java_update.html


□ Prepared by: Vulnerability Analysis Team, Incident Analysis Division