Oracle 제품 보안 업데이트 권고[2023-04/2]

[KISA] 보안공지 참고

Oracle 제품 보안 업데이트 권고

□ 개요

o 오라클社 CPU에서 자사 제품의 보안 취약점 433개에 대한 패치 발표 [1]

※ CPU(Critical Patch Update) : 오라클 중요 보안 업데이트

o 영향받는 버전의 사용자는 악성코드 감염 등에 취약할 수 있으므로, 아래 해결 방안에 따라 최신 버전으로 업데이트 권고

□ 영향받는 제품 및 패치 관련 문서

영향받는 제품패치 관련 문서

JD Edwards EnterpriseOne Orchestrator, versions prior to 9.2.7.3

JD Edwards

JD Edwards EnterpriseOne Tools, versions prior to 9.2.7.3

JD Edwards

JD Edwards World Security, version A9.4

JD Edwards

Management Cloud Engine, version 22.1.0.0.0

Management Cloud Engine

MySQL Cluster, versions 7.5.29 and prior, 7.6.25 and prior, 8.0.32 and prior

MySQL

MySQL Connectors, versions 8.0.32 and prior

MySQL

MySQL Enterprise Monitor, versions 8.0.33 and prior

MySQL

MySQL Server, versions 5.7.41 and prior, 8.0.32 and prior

MySQL

MySQL Workbench, versions 8.0.32 and prior

MySQL

Oracle Access Manager, version 12.2.1.4.0

Fusion Middleware

Oracle Agile PLM, version 9.3.6

Oracle Supply Chain Products

Oracle Application Testing Suite, version 13.3.0.1

Oracle Enterprise Manager

Oracle Argus Insight, versions prior to 8.2.3

Health Sciences

Oracle Argus Safety, versions prior to 8.2.3

Health Sciences

Oracle Banking APIs, versions 18.2, 18.3, 19.1, 19.2, 21.1, 22.1, 22.2

Contact Support

Oracle Banking Corporate Lending, versions 14.0-14.3, 14.5-14.7

Contact Support

Oracle Banking Corporate Lending Process Management, versions 14.4-14.7

Contact Support

Oracle Banking Digital Experience, versions 18.2, 18.3, 19.1, 19.2, 21.1, 22.1, 22.2

Contact Support

Oracle Banking Payments, versions 14.5, 14.6, 14.7

Contact Support

Oracle Banking Trade Finance, versions 14.5, 14.6, 14.7

Contact Support

Oracle Banking Treasury Management, versions 14.5, 14.6, 14.7

Contact Support

Oracle Banking Virtual Account Management, versions 14.5, 14.6, 14.7

Contact Support

Oracle BI Publisher, versions 6.4.0.0.0, 12.2.1.4.0

Oracle Analytics

Oracle Big Data Spatial and Graph, versions prior to 23.1

Database

Oracle Blockchain Platform, versions prior to 21.1.3

Oracle Blockchain Platform

Oracle Business Intelligence Enterprise Edition, versions 5.9.0.0.0, 6.4.0.0.0, 12.2.1.4.0

Oracle Analytics

Oracle Business Process Management Suite, version 12.2.1.4.0

Fusion Middleware

Oracle Clinical Remote Data Capture, version 5.4.0.2

Health Sciences

Oracle Coherence, versions 12.2.1.4.0, 14.1.1.0.0

Fusion Middleware

Oracle Commerce Guided Search, version 11.3.2

Oracle Commerce

Oracle Commerce Platform, versions 11.3.0, 11.3.1, 11.3.2

Oracle Commerce

Oracle Communications Cloud Native Configuration Console, versions 22.4.1, 23.1.0

Oracle Communications Cloud Native Core Console

Oracle Communications Cloud Native Core Automated Test Suite, versions 22.3.1, 22.4.0

Oracle Communications Cloud Native Core Automated Test Suite

Oracle Communications Cloud Native Core Binding Support Function, versions 22.4.0-22.4.4, 23.1.0-23.1.1

Oracle Communications Cloud Native Core Binding Support Function

Oracle Communications Cloud Native Core Console, versions 22.3.0, 22.4.0

Oracle Communications Cloud Native Core Console

Oracle Communications Cloud Native Core Network Exposure Function, versions 22.4.2, 23.1.0

Oracle Communications Cloud Native Core Network Exposure Function

Oracle Communications Cloud Native Core Network Function Cloud Native Environment, version 22.4.0

Oracle Communications Cloud Native Core Network Function Cloud Native Environment

Oracle Communications Cloud Native Core Network Repository Function, version 23.1.0

Oracle Communications Cloud Native Core Network Repository Function

Oracle Communications Cloud Native Core Policy, versions 22.4.0-22.4.4, 23.1.0-23.1.1

Oracle Communications Cloud Native Core Policy

Oracle Communications Cloud Native Core Security Edge Protection Proxy, versions 22.4.0, 22.4.1, 22.4.2, 23.1.0

Oracle Communications Cloud Native Core Security Edge Protection Proxy

Oracle Communications Cloud Native Core Service Communication Proxy, versions 22.3.0, 22.4.0

Oracle Communications Cloud Native Core Service Communication Proxy

Oracle Communications Cloud Native Core Unified Data Repository, versions 22.4.1, 23.1.0

Oracle Communications Cloud Native Core Unified Data Repository

Oracle Communications Convergent Charging Controller, versions 6.0.1.0.0, 12.0.1.0.0-12.0.6.0.0

Oracle Communications Convergent Charging Controller

Oracle Communications Core Session Manager, versions 8.45, 9.15

Oracle Communications Core Session Manager

Oracle Communications Diameter Signaling Router, version 8.6.0.0

Oracle Communications Diameter Signaling Router

Oracle Communications Element Manager, versions 9.0.0, 9.0.1

Oracle Communications Element Manager

Oracle Communications IP Service Activator, versions 7.4.0, 7.5.0

Oracle Communications IP Service Activator

Oracle Communications Network Charging and Control, versions 6.0.1.0.0, 12.0.1.0.0-12.0.6.0.0

Oracle Communications Network Charging and Control

Oracle Communications Operations Monitor, version 5.0

Oracle Communications Operations Monitor

Oracle Communications Order and Service Management, version 7.4.1

Oracle Communications Order and Service Management

Oracle Communications Policy Management, version 12.6.0.0.0

Oracle Communications Policy Management

Oracle Communications Services Gatekeeper, version 7.0.0.0.0

Oracle Communications Services Gatekeeper

Oracle Communications Session Border Controller, versions 9.0, 9.1

Oracle Communications Session Border Controller

Oracle Communications Session Report Manager, versions 9.0.0, 9.0.1

Oracle Communications Session Report Manager

Oracle Communications Session Router, versions 9.0, 9.1

Oracle Communications Session Router

Oracle Communications Subscriber-Aware Load Balancer, versions 9.0, 9.1

Oracle Communications Subscriber-Aware Load Balancer

Oracle Communications Unified Assurance, versions 5.5.0-5.5.10, 6.0.0-6.0.2

Oracle Communications Unified Assurance

Oracle Communications Unified Inventory Management, versions 7.4.0, 7.4.1, 7.4.2, 7.5.0

Oracle Communications Unified Inventory Management

Oracle Communications User Data Repository, version 12.6.1.0.0

Oracle Communications User Data Repository

Oracle Data Integrator, version 12.2.1.4.0

Fusion Middleware

Oracle Database Server, versions 19c, 21c

Database

Oracle Documaker, versions 12.6.0.0.0, 12.6.2.0.0-12.6.4.0.0, 12.7.0.0.0, 12.7.1.0.0

Oracle Insurance Applications

Oracle E-Business Suite, versions 12.2.3-12.2.12

Oracle E-Business Suite

Oracle Enterprise Communications Broker, versions 3.3, 4.0

Oracle Enterprise Communications Broker

Oracle Enterprise Manager Ops Center, version 12.4.0.0

Oracle Enterprise Manager

Oracle Enterprise Session Router, version 9.1

Oracle Enterprise Session Router

Oracle Essbase, version 21.4

Database

Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.7.0, 8.0.8.0, 8.0.9.0, 8.1.0.0, 8.1.1.0, 8.1.2.0, 8.1.2.1, 8.1.2.2

Oracle Financial Services Analytical Applications Infrastructure

Oracle Financial Services Analytical Applications Reconciliation Framework, versions 8.0.7.1.2, 8.1.1.1.7

Oracle Financial Services Analytical Applications Reconciliation Framework

Oracle Financial Services Asset Liability Management, version 8.0.7.8.0

Oracle Financial Services Asset Liability Management

Oracle Financial Services Balance Computation Engine, version 8.1.1.1.1

Oracle Financial Services Balance Computation Engine

Oracle Financial Services Balance Sheet Planning, version 8.0.8.1.4

Oracle Financial Services Balance Sheet Planning

Oracle Financial Services Behavior Detection Platform, versions 8.0.8.1, 8.1.1.1, 8.1.2.3, 8.1.2.4

Oracle Financial Services Behavior Detection Platform

Oracle Financial Services Compliance Studio, version 8.1.2.4

Oracle Financial Services Compliance Studio

Oracle Financial Services Crime and Compliance Management Studio, version 8.0.8.3.5

Oracle Financial Services Crime and Compliance Management Studio

Oracle Financial Services Currency Transaction Reporting, versions 8.0.8.1.0, 8.1.1.1.0, 8.1.2.3.0, 8.1.2.4.1

Oracle Financial Services Currency Transaction Reporting

Oracle Financial Services Data Governance for US Regulatory Reporting, versions 8.1.2.0, 8.1.2.1

Oracle Financial Services Data Governance for US Regulatory Reporting

Oracle Financial Services Data Integration Hub, versions 8.0.7.3.1, 8.1.0.1.4, 8.1.2.2.1

Oracle Financial Services Data Integration Hub

Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management, versions 8.0.7.3.1, 8.0.8.3.1

Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management

Oracle Financial Services Enterprise Case Management, versions 8.0.8.2, 8.1.1.1, 8.1.2.3, 8.1.2.4

Oracle Financial Services Enterprise Case Management

Oracle Financial Services Enterprise Financial Performance Analytics, version 8.0.7.8.1

Oracle Financial Services Enterprise Financial Performance Analytics

Oracle Financial Services Funds Transfer Pricing, version 8.0.7.8.1

Oracle Financial Services Funds Transfer Pricing

Oracle Financial Services Institutional Performance Analytics, version 8.0.7.8.1

Oracle Financial Services Institutional Performance Analytics

Oracle Financial Services Liquidity Risk Measurement and Management, versions 8.0.7.3.1, 8.0.8.3.1

Oracle Financial Services Liquidity Risk Measurement and Management

Oracle Financial Services Loan Loss Forecasting and Provisioning, versions 8.0.7.8.1, 8.0.8.2.1

Oracle Financial Services Hedge Management and IFRS Valuations

Oracle Financial Services Model Management and Governance, versions 8.1.0.0, 8.1.2.0

Oracle Financial Services Model Management and Governance

Oracle Financial Services Profitability Management, version 8.0.7.8.1

Oracle Financial Services Profitability Management

Oracle Financial Services Regulatory Reporting, versions 8.0.8.1, 8.1.1.1, 8.1.2.3, 8.1.2.4

Oracle Financial Services Regulatory Reporting

Oracle Financial Services Regulatory Reporting with AgileREPORTER, version 8.1.1.2.0

Oracle Financial Services Regulatory Reporting with AgileREPORTER

Oracle Financial Services Retail Performance Analytics, version 8.0.7.8.1

Oracle Financial Services Retail Performance Analytics

Oracle Financial Services Revenue Management and Billing, versions 2.7, 2.7.1, 2.8, 2.9, 2.9.1, 3.0, 3.1, 3.2, 4.0

Oracle Financial Services Revenue Management and Billing

Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition, version 8.0.8.0.0

Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition

Oracle FLEXCUBE Core Banking, versions 11.6, 11.7, 11.8, 11.10, 11.11

Contact Support

Oracle FLEXCUBE Universal Banking, versions 14.0-14.3, 14.5-14.7

Contact Support

Oracle GoldenGate, versions prior to 19.1.0.0.230418, prior to 21.10.0.0.0

Database

Oracle GoldenGate Studio, version [Fusion Middleware] 12.2.1.4.0

Database

Oracle GraalVM Enterprise Edition, versions 20.3.8, 20.3.9, 21.3.4, 21.3.5, 22.3.0, 22.3.1

Java SE

Oracle Graph Server and Client, versions prior to 23.1.0, prior to 23.2.0

Database

Oracle Health Sciences InForm, versions prior to 6.3.1.3, prior to 7.0.0.1

Health Sciences

Oracle Healthcare Foundation, versions 8.1.0, 8.1.1, 8.2.0, 8.2.1, 8.2.2

HealthCare Applications

Oracle Healthcare Master Person Index, versions 5.0.0-5.0.4

HealthCare Applications

Oracle Healthcare Translational Research, versions 4.1.0, 4.1.1

HealthCare Applications

Oracle Hospitality OPERA 5 Property Services, version 5.6

Oracle Hospitality OPERA 5 Property Services

Oracle HTTP Server, version 12.2.1.4.0

Fusion Middleware

Oracle Hyperion Financial Reporting, version 11.2.12

Oracle Enterprise Performance Management

Oracle Hyperion Infrastructure Technology, version 11.2.12

Oracle Enterprise Performance Management

Oracle Identity Manager, version 12.2.1.4.0

Fusion Middleware

Oracle iLearning, version 6.3.1

iLearning

Oracle Insurance Policy Administration Operational Data Store for Life and Annuity, version 1.0.1.8

Oracle Insurance Applications

Oracle Java SE, versions 8u361, 8u361-perf, 11.0.18, 17.0.6, 20

Java SE

Oracle JDeveloper, version 12.2.1.4.0

Fusion Middleware

Oracle Managed File Transfer, version 12.2.1.4.0

Fusion Middleware

Oracle Middleware Common Libraries and Tools, version 12.2.1.4.0

Fusion Middleware

Oracle NoSQL Database, versions prior to 19.5.32

NoSQL Database

Oracle Outside In Technology, version 8.5.6

Fusion Middleware

Oracle REST Data Services, versions prior to 23.1.0

Database

Oracle Retail Customer Management and Segmentation Foundation, versions 18.0.0.12, 19.0.0.6

Retail Applications

Oracle Retail Fiscal Management, version 14.2

Retail Applications

Oracle Retail Invoice Matching, versions 15.0.3, 16.0.3

Retail Applications

Oracle Retail Merchandising System, versions 15.0.3.1, 16.0.2, 16.0.3

Retail Applications

Oracle Retail Predictive Application Server, versions 15.0.3, 16.0.3

Retail Applications

Oracle Retail Price Management, versions 14.1.3.2, 15.0.3.1, 16.0.3

Retail Applications

Oracle Retail Sales Audit, version 15.0.3.1

Retail Applications

Oracle Retail Xstore Office Cloud Service, versions 18.0.5, 19.0.4, 20.0.3, 21.0.2

Retail Applications

Oracle Retail Xstore Point of Service, versions 17.0.6, 18.0.5, 19.0.4, 20.0.3, 21.0.2

Retail Applications

Oracle SD-WAN Aware, version 9.0.1.6.0

Oracle SD-WAN Aware

Oracle SD-WAN Edge, versions 9.1.1.3.0, 9.1.1.4.0

Oracle SD-WAN Edge

Oracle SOA Suite, version 12.2.1.4.0

Fusion Middleware

Oracle Solaris, versions 10, 11

Systems

Oracle SQL Developer, versions prior to 22.4.0, prior to 23.1.0

Database

Oracle TimesTen In-Memory Database, versions prior to 22.1.1.7.0

Database

Oracle Utilities Application Framework, versions 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0

Oracle Utilities Applications

Oracle Utilities Network Management System, versions 2.3.0.2, 2.4.0.1, 2.5.0.0, 2.5.0.1, 2.5.0.2

Oracle Utilities Applications

Oracle VM VirtualBox, versions prior to 6.1.44, prior to 7.0.8

Virtualization

Oracle WebCenter Portal, version 12.2.1.4.0

Fusion Middleware

Oracle WebCenter Sites, version 12.2.1.4.0

Fusion Middleware

Oracle WebLogic Server, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

Fusion Middleware

PeopleSoft Enterprise HCM Human Resources, version 9.2

PeopleSoft

PeopleSoft Enterprise PeopleTools, versions 8.58, 8.59, 8.60

PeopleSoft

Primavera P6 Enterprise Project Portfolio Management, versions 18.8.0-18.8.26, 19.12.0-19.12.21, 20.12.0-20.12.18, 21.12.0-21.12.12, 22.12.0-22.12.3

Oracle Construction and Engineering Suite

Primavera Unifier, versions 18.8.0-18.8.18, 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.14, 22.12.0-22.12.3

Oracle Construction and Engineering Suite

Siebel Applications, versions 21.10 and prior, 22.10 and prior, 23.3 and prior

Siebel

□ 해결 방안

o “Oracle Critical Patch Update Advisory - April 2023”에서 제시한 패치 관련 사항을 검토하고 벤더 및 유지보수 업체와 협의/검토 후 패치 적용 [1]

o JAVA SE 사용자는 설치된 제품의 최신 버전 다운로드[2] 및 설치하거나, Java 업데이트 자동 알림 설정 권고 [3]

□ 기타 문의사항

o 한국인터넷진흥원 사이버민원센터: 국번없이 118

[참고사이트]

[1] https://www.oracle.com/security-alerts/cpuapr2023.html

[2] https://www.oracle.com/java/technologies/downloads/

[3] https://www.java.com/ko/download/help/java_update.html

□ 작성 : [KISA] 침해사고분석단 취약점분석팀

출처 : KISA 바로가기

Logo[NHN Cloud] 2022년 NHN Cloud 교육 정보 공유NHN Cloud
NHN Cloud 정보 사이트
LogoUnix 시스템 취약점 진단 분석 평가 방법System Security Vulnerability
취약점 진단 분석 평가 방법 사이트
PreviousCisco 제품 보안 업데이트 권고[2023-04/2]Next구글 Chrome 브라우저 보안 업데이트 권고[2023-04/2]

Last updated