Oracle 제품 보안 업데이트 권고[2023-08/1]

[KISA] 보안공지 참고

Oracle 제품 보안 업데이트 권고

□ 개요

o 오라클社 CPU에서 자사 제품의 보안 취약점 508개에 대한 패치 발표 [1]

※ CPU(Critical Patch Update) : 오라클 중요 보안 업데이트

o 영향받는 버전을 사용 중인 시스템 사용자는 해결 방안에 따라 최신 버전으로 업데이트 권고

□ 영향받는 제품 및 패치 관련 문서

영향받는 제품패치 관련 문서

Application Management Pack for Oracle Utilities &Enterprise Taxation, versions 13.4.1.0.0, 13.5.1.0.0

Oracle Utilities Applications

BI Publisher, versions 6.4.0.0.0, 7.0.0.0.0

Oracle Analytics

JD Edwards EnterpriseOne Orchestrator, versions prior to 9.2.7.4

JD Edwards

JD Edwards EnterpriseOne Tools, versions prior to 9.2.7.4

JD Edwards

MySQL Cluster, versions 8.0.33 and prior

MySQL

MySQL Connectors, versions 8.0.33 and prior

MySQL

MySQL Enterprise Monitor, versions 8.0.34 and prior

MySQL

MySQL Server, versions 5.7.42 and prior, 8.0.33 and prior

MySQL

MySQL Workbench, versions 8.0.33 and prior

MySQL

Oracle Access Manager, version 12.2.1.4.0

Fusion Middleware

Oracle Agile Engineering Data Management, versions 6.2.1.0-6.2.1.8

Oracle Supply Chain Products

Oracle Agile PLM, version 9.3.6

Oracle Supply Chain Products

Oracle Application Express, versions [Application Express Administration] 18.2-22.2, [Application Express Customers Plugin] 18.2-22.2, [Application Express Team Calendar Plugin] 18.2-22.1

Database

Oracle Application Testing Suite, version 13.3.0.1

Oracle Enterprise Manager

Oracle AutoVue, versions 21.0.2.0-21.0.2.7

Oracle Supply Chain Products

Oracle Autovue for Agile Product Lifecycle Management, version 21.0.2

Oracle Supply Chain Products

Oracle BAM (Business Activity Monitoring), version 12.2.1.4.0

Fusion Middleware

Oracle Banking APIs, versions 18.2.0.0.0, 18.3.0.0.0, 19.1.0.0.0, 19.2.0.0.0, 21.1.0.0.0, 22.1.0.0.0, 22.2.0.0.0

Contact Support

Oracle Banking Branch, versions 14.5-14.7

Contact Support

Oracle Banking Cash Management, versions 14.7.0.2.0, 14.7.1.0.0

Contact Support

Oracle Banking Corporate Lending, versions 14.0-14.3, 14.5-14.7

Contact Support

Oracle Banking Corporate Lending Process Management, versions 14.4-14.7

Contact Support

Oracle Banking Credit Facilities Process Management, version 14.7.1.0.0

Contact Support

Oracle Banking Digital Experience, versions 18.2.0.0.0, 18.3.0.0.0, 19.1.0.0.0, 19.2.0.0.0, 21.1.0.0.0, 22.1.0.0.0, 22.2.0.0.0

Contact Support

Oracle Banking Liquidity Management, versions 14.5.0.8.0, 14.6.0.3.0, 14.6.0.4.0, 14.7.0.1.0, 14.7.0.2.0, 14.7.1.0.0

Contact Support

Oracle Banking Origination, versions 14.5-14.7, 14.7.0

Contact Support

Oracle Banking Payments, versions 14.5-14.7

Contact Support

Oracle Banking Supply Chain Finance, versions 14.7.0.2.0, 14.7.1.0.0

Contact Support

Oracle Banking Trade Finance, versions 14.0-14.3, 14.5-14.7

Contact Support

Oracle Banking Trade Finance Process Management, versions 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0, 14.7.1.0.0

Contact Support

Oracle Banking Treasury Management, versions 14.5-14.7

Contact Support

Oracle Big Data Spatial and Graph, version 3.0

Database

Oracle Business Intelligence Enterprise Edition, versions 6.4.0.0.0, 7.0.0.0.0, 12.2.1.4.0

Oracle Analytics

Oracle Business Process Management Suite, version 12.2.1.4.0

Fusion Middleware

Oracle Coherence, versions 12.2.1.4.0, 14.1.1.0.0

Fusion Middleware

Oracle Commerce Guided Search, version 11.3.2

Oracle Commerce

Oracle Commerce Platform, versions 11.3.0, 11.3.1, 11.3.2

Oracle Commerce

Oracle Communications Billing and Revenue Management, versions 12.0.0.4.0-12.0.0.8.0

Oracle Communications Billing and Revenue Management

Oracle Communications BRM - Elastic Charging Engine, versions 12.0.0.4.0-12.0.0.8.0

Oracle Communications BRM - Elastic Charging Engine

Oracle Communications Calendar Server, versions 8.0.0.2.0-8.0.0.7.0

Oracle Communications Calendar Server

Oracle Communications Cloud Native Core Automated Test Suite, versions 22.4.1, 23.1.0, 23.1.1

Oracle Communications Cloud Native Core Automated Test Suite

Oracle Communications Cloud Native Core Binding Support Function, versions 22.4.0, 23.1.0

Oracle Communications Cloud Native Core Binding Support Function

Oracle Communications Cloud Native Core Console, versions 22.4.2, 23.1.1

Oracle Communications Cloud Native Core Console

Oracle Communications Cloud Native Core Network Exposure Function, versions 22.4.3, 23.1.2

Oracle Communications Cloud Native Core Network Exposure Function

Oracle Communications Cloud Native Core Network Function Cloud Native Environment, version 23.1.0

Oracle Communications Cloud Native Core Network Function Cloud Native Environment

Oracle Communications Cloud Native Core Network Repository Function, versions 22.4.2, 22.4.3, 23.1.0, 23.1.1, 23.2.0

Oracle Communications Cloud Native Core Network Repository Function

Oracle Communications Cloud Native Core Policy, versions 22.4.0, 23.1.0, 23.2.0

Oracle Communications Cloud Native Core Policy

Oracle Communications Cloud Native Core Security Edge Protection Proxy, versions 22.3.2, 22.4.0, 22.4.3, 23.1.0, 23.1.1, 23.1.2

Oracle Communications Cloud Native Core Security Edge Protection Proxy

Oracle Communications Cloud Native Core Service Communication Proxy, versions 22.4.0, 23.1.0

Oracle Communications Cloud Native Core Service Communication Proxy

Oracle Communications Cloud Native Core Unified Data Repository, version 23.1.1

Oracle Communications Cloud Native Core Unified Data Repository

Oracle Communications Contacts Server, versions 8.0.0.6.0-8.0.0.8.0

Oracle Communications Contacts Server

Oracle Communications Converged Application Server - Service Controller, version 6.2.0

Oracle Communications Converged Application Server - Service Controller

Oracle Communications Convergence, version 3.0.3.2

Oracle Communications Convergence

Oracle Communications Convergent Charging Controller, versions 12.0.3.0.0-12.0.6.0.0

Oracle Communications Convergent Charging Controller

Oracle Communications Design Studio, versions 7.4.0.7.0, 7.4.1.5.0, 7.4.2.8.0

Oracle Communications Design Studio

Oracle Communications Diameter Signaling Router, version 8.6.0.0

Oracle Communications Diameter Signaling Router

Oracle Communications Instant Messaging Server, version 10.0.1.7.0

Oracle Communications Instant Messaging Server

Oracle Communications Messaging Server, version 8.1.0.21.0

Oracle Communications Messaging Server

Oracle Communications Network Analytics Data Director, version 23.1.0

Oracle Communications Network Analytics Data Director

Oracle Communications Network Charging and Control, versions 12.0.3.0.0-12.0.6.0.0

Oracle Communications Network Charging and Control

Oracle Communications Network Integrity, version 7.3.6.4

Oracle Communications Network Integrity

Oracle Communications Operations Monitor, versions 5.0, 5.1

Oracle Communications Operations Monitor

Oracle Communications Order and Service Management, versions 7.3.5, 7.4.0, 7.4.1

Oracle Communications Order and Service Management

Oracle Communications Pricing Design Center, versions 12.0.0.4.0-12.0.0.7.0

Oracle Communications Pricing Design Center

Oracle Communications Unified Assurance, versions 5.5.0-5.5.17, 6.0.0-6.0.2

Oracle Communications Unified Assurance

Oracle Communications Unified Inventory Management, versions 7.4.0-7.4.2, 7.5.0

Oracle Communications Unified Inventory Management

Oracle Data Integrator, version 12.2.1.4.0

Fusion Middleware

Oracle Database Server, versions 19.3-19.19, 21.3-21.10

Database

Oracle Documaker, versions 12.6.1-12.7.1

Oracle Insurance Applications

Oracle E-Business Suite, versions 12.2.3-12.3.12

Oracle E-Business Suite

Oracle Enterprise Data Quality, version 12.2.1.4.0

Fusion Middleware

Oracle Enterprise Manager for Exadata, version 13.5.0.0

Oracle Enterprise Manager

Oracle Enterprise Manager for Fusion Middleware, version 13.5.0.0

Oracle Enterprise Manager

Oracle Enterprise Manager for Oracle Database, version 13.5.0.0

Oracle Enterprise Manager

Oracle Enterprise Manager Ops Center, version 12.4.0.0

Oracle Enterprise Manager

Oracle Enterprise Operations Monitor, versions 5.0, 5.1

Oracle Enterprise Operations Monitor

Oracle Essbase, version 21.4.3.0.0

Database

Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.7, 8.0.8, 8.1.0, 8.1.1, 8.1.2

Oracle Financial Services Analytical Applications Infrastructure

Oracle Financial Services Behavior Detection Platform, versions 8.0.8.1, 8.1.1.1, 8.1.2.4, 8.1.2.5

Oracle Financial Services Behavior Detection Platform

Oracle Financial Services Compliance Studio, version 8.1.2.4

Oracle Financial Services Compliance Studio

Oracle Financial Services Enterprise Case Management, versions 8.0.8.2, 8.1.1.1, 8.1.2.4, 8.1.2.5

Oracle Financial Services Enterprise Case Management

Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition, version 8.0.8

Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition

Oracle FLEXCUBE Investor Servicing, version 14.7.0.0.0

Contact Support

Oracle FLEXCUBE Universal Banking, versions 14.0-14.7

Contact Support

Oracle Fusion Middleware MapViewer, version 12.2.1.4.0

Fusion Middleware

Oracle GoldenGate, versions 19.1.0.0.0-19.1.0.0.230422, 21.3.0.0.0-21.10.0.0.5

Database

Oracle GoldenGate Stream Analytics, versions 19.1.0.0.0-19.1.0.0.7

Database

Oracle GraalVM Enterprise Edition, versions 20.3.10, 21.3.6, 22.3.2

Java SE

Oracle GraalVM for JDK, versions 17.0.7, 20.0.1

Java SE

Oracle Graph Server and Client, versions 21.4.6, 21.4.7, 22.4.1, 22.4.2, 23.1.0

Database

Oracle Health Sciences Sciences Data Management Workbench, versions 3.1.0.2, 3.1.1.3, 3.2.0.0

Health Sciences

Oracle Hospitality Cruise Shipboard Property Management System, versions 20.1.0, 20.2.0, 20.3.3

Oracle Hospitality Cruise Shipboard Property Management System

Oracle Hospitality Simphony, version 19.5

Oracle Hospitality Simphony

Oracle HTTP Server, version 12.2.1.4.0

Fusion Middleware

Oracle Hyperion Data Relationship Management, version 11.2.13.0.0

Oracle Enterprise Performance Management

Oracle Hyperion Essbase Administration Services, version 21.4.3.0.0

Database

Oracle Hyperion Financial Reporting, version 11.2.13.0.0

Oracle Enterprise Performance Management

Oracle Hyperion Workspace, version 11.2.13.0.0

Oracle Enterprise Performance Management

Oracle Identity Manager, version 12.2.1.4.0

Fusion Middleware

Oracle Identity Manager Connector, versions 9.1.0, 12.2.1.3.0

Fusion Middleware

Oracle Java SE, versions 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1

Java SE

Oracle JDeveloper, version 12.2.1.4.0

Fusion Middleware

Oracle Middleware Common Libraries and Tools, version 12.2.1.4.0

Fusion Middleware

Oracle Mobile Security Suite, versions prior to 11.1.2.3.1

Fusion Middleware

Oracle NoSQL Database, versions 19.5.33, 20.3.28, 21.2.55, 22.3.26

NoSQL Database

Oracle Policy Automation, versions prior to 12.2.31

Oracle Policy Automation

Oracle Retail Advanced Inventory Planning, versions 15.0, 16.0

Retail Applications

Oracle Retail Bulk Data Integration, versions 16.0.3, 19.0.1

Retail Applications

Oracle Retail Financial Integration, versions 14.2.0, 15.0.4, 16.0.3, 19.0.1

Retail Applications

Oracle Retail Integration Bus, versions 14.2.0, 15.0.4, 16.0.3, 19.0.1

Retail Applications

Oracle Retail Order Broker, version 19.1

Retail Applications

Oracle Retail Predictive Application Server, versions 15.0.3, 16.0.3

Retail Applications

Oracle Retail Service Backbone, versions 14.2.0, 15.0.4, 16.0.3, 19.0.1

Retail Applications

Oracle SD-WAN Edge, version 9.1.1.5.0

Oracle SD-WAN Edge

Oracle Secure Backup, version 18.1.0.1.0

Oracle Secure Backup

Oracle Service Bus, version 12.2.1.4.0

Fusion Middleware

Oracle SOA Suite, version 12.2.1.4.0

Fusion Middleware

Oracle Solaris, version 11

Systems

Oracle Spatial Studio, version 22.3.0

Database

Oracle TimesTen In-Memory Database, versions 22.1.1.1.0-22.1.1.11.0

Database

Oracle Utilities Application Framework, versions 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0, 4.5.0.1.0, 4.5.0.1.1

Oracle Utilities Applications

Oracle Utilities Network Management System, versions 2.4.0.1.21, 2.5.0.0.9, 2.5.0.1, 2.5.0.1.11, 2.5.0.2, 2.5.0.2.3, 2.6.0.0

Oracle Utilities Applications

Oracle Utilities Testing Accelerator, versions 6.0.0.1-7.0.0.0

Oracle Utilities Applications

Oracle VM VirtualBox, versions prior to 6.1.46, prior to 7.0.10

Virtualization

Oracle WebCenter Content, version 12.2.1.4.0

Fusion Middleware

Oracle WebCenter Sites, version 12.2.1.4.0

Fusion Middleware

Oracle WebLogic Server, versions 12.2.1.4.0, 14.1.1.0.0

Fusion Middleware

PeopleSoft Enterprise PeopleTools, versions 8.59, 8.60

PeopleSoft

Primavera Gateway, versions 18.8.0-18.8.15, 19.12.0-19.12.16, 20.12.0-20.12.11, 21.12.0-21.12.9

Oracle Construction and Engineering Suite

Primavera P6 Enterprise Project Portfolio Management, versions 22.12.2, 22.12.3

Oracle Construction and Engineering Suite

Primavera Unifier, versions 18.8.0-18.8.18, 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.15, 22.12.0-22.12.6

Oracle Construction and Engineering Suite

Siebel Applications, versions 22.12 and prior, 23.6 and prior

Siebel

□ 해결 방안

o “Oracle Critical Patch Update Advisory - July 2023”에서 제시한 패치 관련 사항을 검토하고 벤더 및 유지보수 업체와 협의/검토 후 패치 적용 [1]

o JAVA SE 사용자는 설치된 제품의 최신 버전 다운로드[2] 및 설치하거나, Java 업데이트 자동 알림 설정 권고 [3]

□ 기타 문의사항

o 한국인터넷진흥원 사이버민원센터: 국번 없이 118

[참고사이트]

[1] https://www.oracle.com/security-alerts/cpujul2023.html

[2] https://www.oracle.com/java/technologies/downloads/

[3] https://www.java.com/ko/download/help/java_update.html

□ 작성 : [KISA] 침해사고분석단 취약점분석팀

출처 : KISA 바로가기

Logo[NHN Cloud] 2022년 NHN Cloud 교육 정보 공유NHN Cloud
NHN Cloud 정보 사이트
LogoUnix 시스템 취약점 진단 분석 평가 방법System Security Vulnerability
취약점 진단 분석 평가 방법 사이트
Previous지니언스 NAC 제품 보안 업데이트 권고[2023-08/1]NextApache 제품 보안 업데이트 권고[2023-08/1]

Last updated