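【Vulnerability Details】
Oracle recently released its Critical Patch Update (CPU) advisory for the second quarter of 2019, fixing a total of 297 security vulnerabilities. These include multiple high-severity vulnerabilities in Oracle WebLogic Server, Oracle Database Server, and Oracle Java SE components, such as remote code execution, arbitrary file upload, and deserialization. By exploiting such vulnerabilities, an attacker can remotely access and take over a server, so the risk is high.
【Risk Rating】
High
【Affected Scope】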
| Affected component | Version |
| --- | --- |
| Agile Recipe Management for Pharmaceuticals | 9.3.3, 9.3.4 |
| Enterprise Manager Base Platform | 12.1.0.5.0, 13.2.0.0.0, 13.3.0.0.0 |
| Enterprise Manager Ops Center | 12.3.3 |
| FMW Platform | 12.2.1.3.0 |
| Instantis EnterpriseTrack | 17.1, 17.2, 17.3 |
| JD Edwards EnterpriseOne Tools | 9.2 |
| JD Edwards World Technical Foundation | A9.2, A9.3.1, A9.4 |
| MICROS Lucas | 2.9.5.6, 2.9.5.7 |
| MICROS Relate CRM Software | 11.4 |
| MICROS Retail-J | 12.1.2 |
| MySQL Connectors | 5.3.12 and prior, 8.0.15 and prior |
| MySQL Enterprise Backup | 3.12.3 and prior, 4.1.2 and prior |
| MySQL Enterprise Monitor | 4.0.8 and prior, 8.0.14 and prior |
| MySQL Server | 5.6.43 and prior, 5.7.25 and prior, 8.0.15 and prior |
| Oracle Agile PLM | 9.3.3, 9.3.4, 9.3.5 |
| Oracle API Gateway | 11.1.2.4.0 |
| Oracle Application Testing Suite | 13.3.0.1 |
| Oracle AutoVue 3D Professional Advanced | 21.0.0, 21.0.1 |
| Oracle Banking Platform | 2.4.0, 2.4.1, 2.5.0, 2.6.0 |
| Oracle Berkeley DB | prior to 6.138, prior to 18.1.32 |
| Oracle BI Publisher | 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 |
| Oracle Business Intelligence Enterprise Edition | 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 |
| Oracle Business Process Management Suite | 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0 |
| Oracle Business Transaction Management | 12.1.0 |
| Oracle Commerce Merchandising | 11.2.0.3 |
| Oracle Commerce Platform | 11.2.0.3, 11.3.1 |
| Oracle Communications Application Session Controller | 3.7.1, 3.8.0 |
| Oracle Communications EAGLE Application Processor | 16.1.0, 16.2.0 |
| Oracle Communications EAGLE LNP Application Processor | 10.0, 10.1, 10.2 |
| Oracle Communications Instant Messaging Server | 10.0.1 |
| Oracle Communications Interactive Session Recorder | 6.0, 6.1, 6.2 |
| Oracle Communications LSMS | 13.1, 13.2, 13.3 |
| Oracle Communications Messaging Server | 8.0, 8.1 |
| Oracle Communications Operations Monitor | 3.4, 4.0 |
| Oracle Communications Policy Management | 12.1, 12.2, 12.3, 12.4 |
| Oracle Communications Pricing Design Center | 11.1, 12.0 |
| Oracle Communications Service Broker | 6 |
| Oracle Communications Service Broker Engineered System Edition | 6 |
| Oracle Communications Session Border Controller | 8.0.0, 8.1.0, 8.2.0 |
| Oracle Communications Unified Inventory Management | 7.3.2, 7.3.4, 7.3.5, 7.4.0 |
| Oracle Configuration Manager | 12.1.0 |
| Oracle Configurator | 12.1, 12.2 |
| Oracle Data Integrator | 11.1.1.9.0, 12.2.1.3.0 |
| Oracle Database Server | 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c |
| Oracle E-Business Suite | 0.9.8, 1.0.0, 1.0.1, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, |
| Oracle Endeca Information Discovery Integrator | 3.2.0 |
| Oracle Enterprise Communications Broker | 3.0.0, 3.1.0 |
| Oracle Enterprise Operations Monitor | 3.4, 4.0 |
| Oracle Enterprise Session Border Controller | 8.0.0, 8.1.0, 8.2.0 |
| Oracle Financial Services Analytical Applications Infrastructure | 7.3.3–7.3.5, 8.0.0–8.0.7 |
| Oracle Financial Services Asset Liability Management | 8.0.4–8.0.7 |
| Oracle Financial Services Data Integration Hub | 8.0.5–8.0.7 |
| Oracle Financial Services Funds Transfer Pricing | 8.0.4–8.0.7 |
| Oracle Financial Services Hedge Management and IFRS Valuations | 8.0.4–8.0.7 |
| Oracle Financial Services Liquidity Risk Management | 8.0.2–8.0.6 |
| Oracle Financial Services Loan Loss Forecasting and Provisioning | 8.0.2–8.0.7 |
| Oracle Financial Services Market Risk Measurement and Management | 8.0.5, 8.0.6 |
| Oracle Financial Services Profitability Management | 8.0.4–8.0.6 |
| Oracle Financial Services Reconciliation Framework | 8.0.5, 8.0.6 |
| Oracle FLEXCUBE Private Banking | 2.0.0.0, 2.2.0.1, 12.0.1.0, 12.0.3.0, 12.1.0.0 |
| Oracle Fusion Middleware MapViewer | 12.2.1.3.0 |
| Oracle Health Sciences Data Management Workbench | 2.4.8 |
| Oracle Healthcare Master Person Index | 3.0, 4.0 |
| Oracle Hospitality Cruise Dining Room Management | 8.0.80 |
| Oracle Hospitality Cruise Fleet Management | 9.0.11 |
| Oracle Hospitality Guest Access | 4.2.0, 4.2.1 |
| Oracle Hospitality Reporting and Analytics | 9.1.0 |
| Oracle HTTP Server | 12.2.1.3.0 |
| Oracle Identity Analytics | 11.1.1.5.8 |
| Oracle Java SE | 7u211, 8u202, 11.0.2, 12 |
| Oracle Java SE Embedded | 8u201 |
| Oracle JDeveloper | 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0 |
| Oracle Knowledge | 8.5.1.0–8.5.1.7, 8.6.0, 8.6.1 |
| Oracle Managed File Transfer | 12.1.3.0.0, 12.2.1.3.0 |
| Oracle Outside In Technology | 8.5.3, 8.5.4 |
| Oracle Real-Time Scheduler | 2.3.0 |
| Oracle Retail Allocation | 15.0.2 |
| Oracle Retail Convenience Store Back Office | 3.6 |
| Oracle Retail Customer Engagement | 16.0, 17.0 |
| Oracle Retail Customer Management and Segmentation Foundation | 16.0, 17.0, 18.0 |
| Oracle Retail Invoice Matching | 12.0, 13.0, 13.1, 13.2, 14.0, 14.1, 15.0 |
| Oracle Retail Merchandising System | 15.0, 16.0 |
| Oracle Retail Order Broker | 5.1, 5.2, 15.0, 16.0 |
| Oracle Retail Point-of-Service | 13.4, 14.0, 14.1 |
| Oracle Retail Workforce Management Software | 1.60.9.0.0 |
| Oracle Retail Xstore Point of Service | 7.0, 7.1 |
| Oracle Secure Global Desktop | 5.4 |
| Oracle Service Bus | 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0 |
| Oracle SOA Suite | 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0 |
| Oracle Solaris | 10, 11 |
| Oracle Traffic Director | 11.1.1.9.0 |
| Oracle Transportation Management | 6.3.7, 6.4.2, 6.4.3 |
| Oracle Tuxedo | 12.1.1.0.0 |
| Oracle Utilities Framework | 2.2.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.2.0, 4.3.0.3.0, 4.3.0.4.0, 4.3.0.5.0, |
| Oracle Utilities Mobile Workforce Management | 2.3.0 |
| Oracle Utilities Network Management System | 1.12.0.3 |
| Oracle VM VirtualBox | prior to 5.2.28, prior to 6.0.6 |
| Oracle WebCenter Portal | 12.2.1.3.0 |
| Oracle WebCenter Sites | 12.2.1.3.0 |
| Oracle WebLogic Server | 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 |
| OSS Support Tools | 19.1 |
| PeopleSoft Enterprise ELM | 9.2 |
| PeopleSoft Enterprise ELM Enterprise Learning Management | 9.2 |
| PeopleSoft Enterprise HCM Talent Acquisition Manager | 9.2 |
| PeopleSoft Enterprise HRMS | 9.2 |
| PeopleSoft Enterprise PeopleTools | 8.55, 8.56, 8.57 |
| PeopleSoft Enterprise PT PeopleTools | 8.55, 8.56, 8.57 |
| Primavera P6 Enterprise Project Portfolio Management | 8.4, 15.1, 15.2, 16.1, 16.2, 17.7–17.12, 18.8 |
| Primavera Unifier | 16.1, 16.2, 17.7–17.12, 18.8 |
| Siebel Applications | 19.3 |
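【Remediation Advice】
Affected users are advised to assess their business requirements and the actual vulnerability risk, then select and apply the patches for the relevant components.
【References】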
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
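Important reminder: before fixing the vulnerabilities, test thoroughly, and be sure to back up your data and take snapshots to guard against unexpected problems.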