Oracle released one of its largest security updates, with fixes for 284 security vulnerabilities affecting Oracle products.
There are 93 different products and versions affected by vulnerabilities of varying severity, and Oracle has released an update for users.
Affected products include Enterprise Manager, Java SE, MySQL, JD Edwards, Oracle Supply Chain Products, Database, E-Business Suite, Retail Applications, Virtualization, Oracle Banking Platform and more.
Oracle said that Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory.
In some earlier cases, attackers exploited vulnerabilities in Oracle products because the targeted customers had not applied the available Oracle patches.
All 284 vulnerabilities are fixed and the updates have been released, so Oracle now strongly recommends that customers remain on actively supported versions and apply Critical Patch Update fixes without delay.
Some of the vulnerabilities can potentially be exploited to let an attacker take complete control of the vulnerable system. Applying the patch as soon as possible, and blocking the network protocols an attack requires, reduces the risk of a successful attack.
In this case, several vulnerabilities addressed in this Critical Patch Update affect multiple products, and a CVE has been assigned to each vulnerability.
According to Oracle, "Oracle conducts an analysis of each security vulnerability addressed by a Critical Patch Update. Oracle does not disclose detailed information about this security analysis to customers, but the resulting Risk Matrix and associated documentation provide information about the type of vulnerability, the conditions required to exploit it, and the potential impact of a successful exploit."
List of Oracle security updates
Enterprise Manager Base Platform, versions 12.1.0.5, 13.2, 13.3 | Enterprise Manager |
Enterprise Manager for Virtualization, versions 13.2.2, 13.2.3, 13.3.1 | Enterprise Manager |
Enterprise Manager Ops Center, versions 12.2.2, 12.3.3 | Enterprise Manager |
Hyperion BI+, version 11.1.2.4 | Fusion Middleware |
Java Advanced Management Console, version 2.12 | Java SE |
JD Edwards EnterpriseOne Tools, version 9.2 | JD Edwards |
JD Edwards World Security, versions A9.3, A9.3.1, A9.4 | JD Edwards |
MySQL Connectors, versions 2.1.8 and prior, 8.0.13 and prior | MySQL |
MySQL Enterprise Monitor, versions 4.0.7 and prior, 8.0.13 and prior | MySQL |
MySQL Server, versions 5.6.42 and prior, 5.7.24 and prior, 8.0.13 and prior | MySQL |
MySQL Workbench, versions 8.0.13 and prior | MySQL |
Oracle Agile Engineering Data Management, versions 6.1.3, 6.2.0, 6.2.1 | Oracle Supply Chain Products |
Oracle Agile PLM, versions 9.3.3, 9.3.4, 9.3.5, 9.3.6 | Oracle Supply Chain Products |
Oracle Agile Product Lifecycle Management for Process, versions 6.2.0.0, 6.2.1.0, 6.2.2.0, 6.2.3.0, 6.2.3.1 | Oracle Supply Chain Products |
Oracle API Gateway, version 11.1.2.4.0 | Fusion Middleware |
Oracle Application Testing Suite, versions 12.5.0.3, 13.1.0.1, 13.2.0.1, 13.3.0.1 | Enterprise Manager |
Oracle Argus Safety, versions 8.1, 8.2 | Health Sciences |
Oracle Banking Platform, versions 2.5.0, 2.6.0, 2.6.1, 2.6.2 | Oracle Banking Platform |
Oracle Business Process Management Suite, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0 | Fusion Middleware |
Oracle Communications Billing and Revenue Management, versions 7.5, 12.0 | Oracle Communications Billing and Revenue Management |
Oracle Communications Converged Application Server, versions prior to 7.0.0.1 | Oracle Communications Converged Application Server |
Oracle Communications Converged Application Server – Service Controller, version 6.1 | Oracle Communications Converged Application Server – Service Controller |
Oracle Communications Diameter Signaling Router (DSR), versions prior to 8.3 | Oracle Communications Diameter Signaling Router |
Oracle Communications Online Mediation Controller, version 6.1 | Oracle Communications Online Mediation Controller |
Oracle Communications Performance Intelligence Center (PIC) Software, versions prior to 10.2.1 | Oracle Communications Performance Intelligence Center (PIC) Software |
Oracle Communications Policy Management, versions prior to 12.5 | Oracle Communications Policy Management |
Oracle Communications Service Broker, version 6.0 | Oracle Communications Service Broker |
Oracle Communications Services Gatekeeper, versions prior to 6.1.0.4.0 | Oracle Communications Services Gatekeeper |
Oracle Communications Session Border Controller, versions SCz7.4.0, SCz7.4.1, SCz8.0.0, SCz8.1.0 | Oracle Communications Session Border Controller |
Oracle Communications Unified Inventory Management, versions prior to 7.4.0 | Oracle Communications Unified Inventory Management |
Oracle Communications Unified Session Manager, version SCz7.3.5 | Oracle Communications Unified Session Manager |
Oracle Communications WebRTC Session Controller, versions prior to 7.2 | Oracle Communications WebRTC Session Controller |
Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c | Database |
Oracle E-Business Suite, versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | E-Business Suite |
Oracle Endeca Server, version 7.7.0 | Fusion Middleware |
Oracle Enterprise Communications Broker, versions PCz2.1, PCz2.2, PCz3.0 | Oracle Enterprise Communications Broker |
Oracle Enterprise Repository, version 12.1.3.0.0 | Fusion Middleware |
Oracle Enterprise Session Border Controller, versions ECz7.4.0, ECz7.5.0, ECz8.0.0, ECz8.1.0 | Oracle Enterprise Session Border Controller |
Oracle Financial Services Analytical Applications Infrastructure, versions 7.3.3, 7.3.5, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7 | Oracle Financial Services Analytical Applications Infrastructure |
Oracle FLEXCUBE Direct Banking, version 12.0.2 | Oracle Financial Services Applications |
Oracle FLEXCUBE Investor Servicing, versions 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 | Oracle Financial Services Applications |
Oracle Fusion Middleware MapViewer, version 12.2.1.3.0 | Fusion Middleware |
Oracle GoldenGate Application Adapters, version 12.3.2.1.1 | Fusion Middleware |
Oracle Health Sciences Information Manager, version 3.0 | Health Sciences |
Oracle Healthcare Foundation, versions 7.1, 7.2 | Health Sciences |
Oracle Healthcare Master Person Index, versions 3.0, 4.0 | Health Sciences |
Oracle Hospitality Cruise Fleet Management, version 9.0.10 | Oracle Hospitality Cruise Fleet Management |
Oracle Hospitality Cruise Shipboard Property Management System, version 8.0.8 | Oracle Hospitality Cruise Shipboard Property Management System |
Oracle Hospitality Reporting and Analytics, version 9.1.0 | Oracle Hospitality Reporting and Analytics |
Oracle Hospitality Simphony, version 2.10 | Oracle Hospitality Simphony |
Oracle HTTP Server, version 12.2.1.3 | Fusion Middleware |
Oracle Insurance Calculation Engine, version 10.2 | Oracle Insurance Applications |
Oracle Insurance Insbridge Rating and Underwriting, versions 5.2, 5.4, 5.5 | Oracle Insurance Applications |
Oracle Insurance Policy Administration J2EE, versions 10.0, 10.2 | Oracle Insurance Applications |
Oracle Insurance Rules Palette, versions 10.0, 10.2 | Oracle Insurance Applications |
Oracle Java SE, versions 7u201, 8u192, 11.0.1 | Java SE |
Oracle Java SE Embedded, version 8u191 | Java SE |
Oracle Managed File Transfer, versions 12.2.1.3.0, 19.1.0.0.0 | Fusion Middleware |
Oracle Outside In Technology, versions 8.5.3, 8.5.4 | Fusion Middleware |
Oracle Reports Developer, version 12.2.1.3 | Fusion Middleware |
Oracle Retail Back Office, versions 13.3, 13.4, 14.0, 14.1 | Retail Applications |
Oracle Retail Central Office, versions 13.3, 13.4, 14.0, 14.1 | Retail Applications |
Oracle Retail Convenience and Fuel POS Software, version 2.8.1 | Retail Applications |
Oracle Retail Customer Insights, versions 15.0, 16.0 | Retail Applications |
Oracle Retail Integration Bus, version 17.0 | Retail Applications |
Oracle Retail Merchandising System, version 14.1 | Retail Applications |
Oracle Retail Returns Management, versions 13.3, 13.4, 14.0, 14.1 | Retail Applications |
Oracle Retail Sales Audit, version 15.0 | Retail Applications |
Oracle Retail Service Backbone, versions 13.1, 13.2, 14.0, 14.1, 15.0, 16.0 | Retail Applications |
Oracle Retail Workforce Management Software, versions 1.60.9, 1.64.0 | Retail Applications |
Oracle Retail Xstore Payment, version 3.3 | Retail Applications |
Oracle Secure Global Desktop (SGD), version 5.4 | Virtualization |
Oracle Service Architecture Leveraging Tuxedo, versions 12.1.3.0.0, 12.2.2.0.0 | Fusion Middleware |
Oracle SOA Suite, versions 12.1.3.0.0, 12.2.1.3.0 | Fusion Middleware |
Oracle Solaris, versions 10, 11 | Systems |
Oracle Transportation Management, versions 6.3.7, 6.4.1, 6.4.2, 6.4.3 | Oracle Supply Chain Products |
Oracle Utilities Framework, version 4.3.0.1-4.3.0.4 | Oracle Utilities Applications |
Oracle Utilities Network Management System, versions 1.12.0.3, 2.3.0.0, 2.3.0.1, 2.3.0.2 | Oracle Utilities Applications |
Oracle VM VirtualBox, versions prior to 5.2.24, prior to 6.0.2 | Virtualization |
Oracle Web Cache, version 11.1.1.9.0 | Fusion Middleware |
Oracle WebCenter Portal, versions 11.1.1.9.0, 12.2.1.3.0 | Fusion Middleware |
Oracle WebCenter Sites, version 11.1.1.8.0 | Fusion Middleware |
Oracle WebLogic Server, versions 10.3.6.0, 12.1.3.0, 12.2.1.3 | Fusion Middleware |
OSS Support Tools, versions prior to 19.1 | Support Tools |
PeopleSoft Enterprise CC Common Application Objects, version 9.2 | PeopleSoft |
PeopleSoft Enterprise CS Campus Community, versions 9.0, 9.2 | PeopleSoft |
PeopleSoft Enterprise HCM eProfile Manager Desktop, version 9.2 | PeopleSoft |
PeopleSoft Enterprise PeopleTools, versions 8.55, 8.56, 8.57 | PeopleSoft |
PeopleSoft Enterprise SCM eProcurement, version 9.2 | PeopleSoft |
Primavera P6 Enterprise Project Portfolio Management, versions 8.4, 15.1, 15.2, 16.1, 16.2, 17.7-17.12, 18.8 | Oracle Construction and Engineering Suite |
Primavera Unifier, versions 16.1, 16.2, 17.1-17.12, 18.8 | Oracle Construction and Engineering Suite |
Siebel Applications, versions 18.10, 18.11 | Siebel |
Sun ZFS Storage Appliance Kit (AK), versions prior to 8.8.2 | Systems |
Tape Library ACSLS, version 8.4 | Systems |
Updated on 2021-01-17. Published on 2019-01-17. Category: oracle. Author: Oscar olg. Source: gbhackers