Oracle 제품 보안 업데이트 권고[2023-01]

[KISA] 보안공지 참고

Oracle 제품 보안 업데이트 권고

□ 개요

o 오라클社 CPU에서 자사 제품의 보안 취약점 327개에 대한 패치 발표 [1]

※ CPU(Critical Patch Update) : 오라클 중요 보안 업데이트

o 영향받는 버전의 사용자는 악성코드 감염 등에 취약할 수 있으므로, 아래 해결 방안에 따라 최신 버전으로 업데이트 권고

□ 영향을 받는 버전 및 제품

영향받는 제품	패치 관련 문서
Big Data Spatial and Graph, versions prior to 21.4.3, prior to 23.1.0	Data
Enterprise Manager Base Platform, versions 13.4.0.0, 13.5.0.0	Enterprise Manager
Enterprise Manager Ops Center, version 12.4.0.0	Enterprise Manager
Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers, versions prior to XCP2411, prior to XCP3111, prior to XCP4011	Systems
GoldenGate Stream Analytics, versions prior to 19.1.0.0.8	Data
GoldenGate Veridata, versions prior to 12.2.1.4.220831	Data
JD Edwards EnterpriseOne Orchestrator, versions prior to 9.2.7.2	JD Edwards
JD Edwards EnterpriseOne Tools, versions prior to 9.2.7.2	JD Edwards
Management Cloud Engine, version 22.1.0.0.0	Oracle Management Cloud Engine
Management Pack for Oracle GoldenGate, versions prior to 12.2.1.2.221115	Data
Middleware Common Libraries and Tools, versions 12.2.1.4.0, 14.1.1.0.0	Fusion Middleware
MySQL Cluster, versions 7.4.38 and prior, 7.5.28 and prior, 7.6.24 and prior, 8.0.31 and prior	MySQL
MySQL Connectors, versions 8.0.31 and prior	MySQL
MySQL Enterprise Monitor, versions 8.0.32 and prior	MySQL
MySQL Server, versions 5.7.40 and prior, 8.0.31 and prior	MySQL
MySQL Shell, versions 8.0.31 and prior	MySQL
MySQL Workbench, versions 8.0.31 and prior	MySQL
Oracle Access Manager, version 12.2.1.4.0	Fusion Middleware
Oracle Agile PLM, version 9.3.6	Oracle Supply Chain Products
Oracle AutoVue, versions prior to 21.0.2.6	Oracle Supply Chain Products
Oracle Banking Enterprise Default Management, versions 2.6.2, 2.7.0, 2.7.1, 2.12.0	Oracle Banking Platform
Oracle Banking Loans Servicing, versions 2.8.0, 2.12.0	Oracle Banking Platform
Oracle Banking Party Management, version 2.7.0	Oracle Banking Platform
Oracle Banking Platform, versions 2.6.2, 2.7.1, 2.9.0, 2.12.0	Oracle Banking Platform
Oracle BI Publisher, versions 5.9.0.0.0, 6.4.0.0.0, 12.2.1.4.0	Oracle Analytics
Oracle Business Intelligence Enterprise Edition, versions 5.9.0.0.0, 6.4.0.0.0	Oracle Analytics
Oracle Coherence, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0	Fusion Middleware
Oracle Commerce Guided Search, version 11.3.2	Oracle Commerce
Oracle Communications Billing and Revenue Management, versions 12.0.0.4.0-12.0.0.7.0	Oracle Communications Billing and Revenue Management
Oracle Communications BRM - Elastic Charging Engine, versions 12.0.0.3.0-12.0.0.7.0	Oracle Communications BRM - Elastic Charging Engine
Oracle Communications Calendar Server, version 8.0.0.6.0	Oracle Communications Calendar Server
Oracle Communications Cloud Native Core Automated Test Suite, versions 22.2.2, 22.3.1, 22.4.0	Oracle Communications Cloud Native Core Automated Test Suite
Oracle Communications Cloud Native Core Binding Support Function, versions 22.1.0, 22.1.1, 22.2.0, 22.2.1, 22.2.2, 22.2.4, 22.3.0-22.4.0	Oracle Communications Cloud Native Core Binding Support Function
Oracle Communications Cloud Native Core Console, versions 22.3.0, 22.4.0	Oracle Communications Cloud Native Core Console
Oracle Communications Cloud Native Core Network Data Analytics Function, version 22.0.0.0.0	Oracle Communications Cloud Native Core Network Data Analytics Function
Oracle Communications Cloud Native Core Network Exposure Function, versions 22.3.1, 22.4.0	Oracle Communications Cloud Native Core Network Exposure Function
Oracle Communications Cloud Native Core Network Function Cloud Native Environment, version 22.3.0	Oracle Communications Cloud Native Core Network Function Cloud Native Environment
Oracle Communications Cloud Native Core Network Repository Function, versions 22.3.0, 22.3.2	Oracle Communications Cloud Native Core Network Repository Function
Oracle Communications Cloud Native Core Network Slice Selection Function, versions 22.3.1, 22.4.1	Oracle Communications Cloud Native Core Network Slice Selection Function
Oracle Communications Cloud Native Core Policy, versions 1.11.0, 22.3.0, 22.4.0	Oracle Communications Cloud Native Core Policy
Oracle Communications Cloud Native Core Security Edge Protection Proxy, versions 22.3.1, 22.4.0	Oracle Communications Cloud Native Core Security Edge Protection Proxy
Oracle Communications Cloud Native Core Unified Data Repository, versions 22.2.2, 22.2.3, 22.3.3, 22.3.4, 22.4.0	Oracle Communications Cloud Native Core Unified Data Repository
Oracle Communications Contacts Server, version 8.0.0.7.0	Oracle Communications Contacts Server
Oracle Communications Converged Application Server, versions 7.1.0, 8.0.0	Oracle Communications Converged Application Server
Oracle Communications Convergence, version 3.0.3.1.0	Oracle Communications Convergence
Oracle Communications Design Studio, version 7.4.2	Oracle Communications Design Studio
Oracle Communications Diameter Intelligence Hub, version 8.2.3.0	Oracle Communications Diameter Signaling Router
Oracle Communications Diameter Signaling Router, version 8.6.0.0	Oracle Communications Diameter Signaling Router
Oracle Communications Elastic Charging Engine, versions 12.0.0.3.0-12.0.0.7.0	Oracle Communications BRM - Elastic Charging Engine
Oracle Communications Instant Messaging Server, version 10.0.1.6.0	Oracle Communications Instant Messaging Server
Oracle Communications Messaging Server, version 8.1.0.20.0	Oracle Communications Messaging Server
Oracle Communications MetaSolv Solution, version 6.3.1	Oracle Communications MetaSolv Solution
Oracle Communications Order and Service Management, version 7.4.0	Oracle Communications Order and Service Management
Oracle Communications Performance Intelligence Center (PIC) Software, version 10.4.0.4.1	Oracle Communications Performance Intelligence Center (PIC) Software
Oracle Communications Pricing Design Center, versions 12.0.0.5.0-12.0.0.7.0	Oracle Communications Pricing Design Center
Oracle Communications Unified Assurance, versions 5.5.0-5.5.9, 6.0.0-6.0.1	Oracle Communications Unified Assurance
Oracle Communications Unified Inventory Management, versions 7.4.0-7.4.2, 7.5.0	Oracle Communications Unified Inventory Management
Oracle Data Server, versions 19c, 21c, [Perl] prior to 5.35	Data
Oracle Demantra Demand Management, versions 12.1, 12.2, 12.2.7, 12.2.8, 12.2.9, 12.2.10, 12.2.11, 12.2.12	Oracle Supply Chain Products
Oracle Documaker, versions 12.4.0-12.7.0	Oracle Insurance Applications
Oracle E-Business Suite, versions 12.2.3-12.2.12	Oracle E-Business Suite
Oracle Ess, version 21.4	Data
Oracle Financial Services Crime and Compliance Management Studio, version 8.0.8.3.1	Oracle Financial Services Crime and Compliance Management Studio
Oracle Fusion Middleware MapViewer, version 12.2.1.4.0	Fusion Middleware
Oracle Global Lifecycle Management NextGen OUI Framework, versions prior to 13.9.4.2.11	Fusion Middleware
Oracle Global Lifecycle Management OPatchAuto, versions [DB] prior to 12.2.0.1.35	Global Lifecycle Management
Oracle GraalVM Enterprise Edition, versions 20.3.8, 21.3.4, 22.3.0	Java SE
Oracle Graph Server and Client, versions prior to 21.4.3, prior to 22.4.0, prior to 23.1.0	Data
Oracle Health Sciences Empirica Signal, versions 9.1.0.52, 9.2.0.52	Health Sciences
Oracle Healthcare Data Repository, versions 8.1.0.0-8.1.3.1	HealthCare Applications
Oracle Healthcare Translational Research, versions 4.1.0.0-4.1.1.1	HealthCare Applications
Oracle Hospitality Cruise Shipboard Property Management System, version 20.2.2	Oracle Hospitality Cruise Shipboard Property Management System
Oracle Hospitality Gift and Loyalty, version 9.1.0	Oracle Hospitality Gift and Loyalty
Oracle Hospitality Labor Management, version 9.1.0	Oracle Hospitality Labor Management
Oracle Hospitality Reporting and Analytics, version 9.1.0	Oracle Hospitality Reporting and Analytics
Oracle Hospitality Simphony, versions 18.2.11, 19.3.4	Oracle Hospitality Simphony
Oracle HTTP Server, version 12.2.1.4.0	Fusion Middleware
Oracle Hyperion Infrastructure Technology, version 11.2.10	Oracle Enterprise Performance Management
Oracle Java SE, versions 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1	Java SE
Oracle Middleware Common Libraries and Tools, version 12.2.1.4.0	Fusion Middleware
Oracle Outside In Technology, version 8.5.6	Fusion Middleware
Oracle Retail Service Backbone, versions 14.1.3.2, 15.0.3.1, 16.0.3	Retail Applications
Oracle SD-WAN Aware, versions 8.2.1.9.0, 9.0.1.4.0	Oracle SD-WAN Aware
Oracle Solaris, versions 10, 11	Systems
Oracle Spatial Studio, versions prior to 22.3.0	Data
Oracle Stream Analytics, versions prior to 19.1.0.0.8	Data
Oracle TimesTen In-Memory Data, versions prior to 11.2.2.8.65	Data
Oracle Utilities Framework, versions 4.3.0.5.0, 4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0	Oracle Utilities Applications
Oracle Utilities Network Management System, versions 2.3.0.2, 2.4.0.1, 2.5.0.0-2.5.0.2	Oracle Utilities Applications
Oracle VM VirtualBox, versions prior to 6.1.42, prior to 7.0.6	Virtualization
Oracle Web Services Manager, version 12.2.1.4.0	Fusion Middleware
Oracle WebCenter Content, version 12.2.1.4.0	Fusion Middleware
Oracle WebCenter Sites, version 12.2.1.4.0	Fusion Middleware
Oracle WebLogic Server, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0	Fusion Middleware
OSS Support Tools, versions 2.12.43, 22.2.22.4.5, 22.4.22.10.18	Oracle Support Tools
PeopleSoft Enterprise CC Common Application Objects, version 9.2	PeopleSoft
PeopleSoft Enterprise CS Academic Advisement, version 9.2	PeopleSoft
PeopleSoft Enterprise PeopleTools, versions 8.58, 8.59, 8.60	PeopleSoft
Primavera Gateway, versions 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10, 21.12.0-21.12.8	Oracle Construction and Engineering Suite
Primavera Unifier, versions 18.8, 19.12, 20.12, 21.12, 22.12	Oracle Construction and Engineering Suite
Siebel Applications, versions 22.10 and prior	Siebel

영향받는 제품

패치 관련 문서

Big Data Spatial and Graph, versions prior to 21.4.3, prior to 23.1.0

Data

Enterprise Manager Base Platform, versions 13.4.0.0, 13.5.0.0

Enterprise Manager

Enterprise Manager Ops Center, version 12.4.0.0

Enterprise Manager

Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers, versions prior to XCP2411, prior to XCP3111, prior to XCP4011

Systems

GoldenGate Stream Analytics, versions prior to 19.1.0.0.8

Data

GoldenGate Veridata, versions prior to 12.2.1.4.220831

Data

JD Edwards EnterpriseOne Orchestrator, versions prior to 9.2.7.2

JD Edwards

JD Edwards EnterpriseOne Tools, versions prior to 9.2.7.2

JD Edwards

Management Cloud Engine, version 22.1.0.0.0

Oracle Management Cloud Engine

Management Pack for Oracle GoldenGate, versions prior to 12.2.1.2.221115

Data

Middleware Common Libraries and Tools, versions 12.2.1.4.0, 14.1.1.0.0

Fusion Middleware

MySQL Cluster, versions 7.4.38 and prior, 7.5.28 and prior, 7.6.24 and prior, 8.0.31 and prior

MySQL

MySQL Connectors, versions 8.0.31 and prior

MySQL

MySQL Enterprise Monitor, versions 8.0.32 and prior

MySQL

MySQL Server, versions 5.7.40 and prior, 8.0.31 and prior

MySQL

MySQL Shell, versions 8.0.31 and prior

MySQL

MySQL Workbench, versions 8.0.31 and prior

MySQL

Oracle Access Manager, version 12.2.1.4.0

Fusion Middleware

Oracle Agile PLM, version 9.3.6

Oracle Supply Chain Products

Oracle AutoVue, versions prior to 21.0.2.6

Oracle Supply Chain Products

Oracle Banking Enterprise Default Management, versions 2.6.2, 2.7.0, 2.7.1, 2.12.0

Oracle Banking Platform

Oracle Banking Loans Servicing, versions 2.8.0, 2.12.0

Oracle Banking Platform

Oracle Banking Party Management, version 2.7.0

Oracle Banking Platform

Oracle Banking Platform, versions 2.6.2, 2.7.1, 2.9.0, 2.12.0

Oracle Banking Platform

Oracle BI Publisher, versions 5.9.0.0.0, 6.4.0.0.0, 12.2.1.4.0

Oracle Analytics

Oracle Business Intelligence Enterprise Edition, versions 5.9.0.0.0, 6.4.0.0.0

Oracle Analytics

Oracle Coherence, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

Fusion Middleware

Oracle Commerce Guided Search, version 11.3.2

Oracle Commerce

Oracle Communications Billing and Revenue Management, versions 12.0.0.4.0-12.0.0.7.0

Oracle Communications Billing and Revenue Management

Oracle Communications BRM - Elastic Charging Engine, versions 12.0.0.3.0-12.0.0.7.0

Oracle Communications BRM - Elastic Charging Engine

Oracle Communications Calendar Server, version 8.0.0.6.0

Oracle Communications Calendar Server

Oracle Communications Cloud Native Core Automated Test Suite, versions 22.2.2, 22.3.1, 22.4.0

Oracle Communications Cloud Native Core Automated Test Suite

Oracle Communications Cloud Native Core Binding Support Function, versions 22.1.0, 22.1.1, 22.2.0, 22.2.1, 22.2.2, 22.2.4, 22.3.0-22.4.0

Oracle Communications Cloud Native Core Binding Support Function

Oracle Communications Cloud Native Core Console, versions 22.3.0, 22.4.0

Oracle Communications Cloud Native Core Console

Oracle Communications Cloud Native Core Network Data Analytics Function, version 22.0.0.0.0

Oracle Communications Cloud Native Core Network Data Analytics Function

Oracle Communications Cloud Native Core Network Exposure Function, versions 22.3.1, 22.4.0

Oracle Communications Cloud Native Core Network Exposure Function

Oracle Communications Cloud Native Core Network Function Cloud Native Environment, version 22.3.0

Oracle Communications Cloud Native Core Network Function Cloud Native Environment

Oracle Communications Cloud Native Core Network Repository Function, versions 22.3.0, 22.3.2

Oracle Communications Cloud Native Core Network Repository Function

Oracle Communications Cloud Native Core Network Slice Selection Function, versions 22.3.1, 22.4.1

Oracle Communications Cloud Native Core Network Slice Selection Function

Oracle Communications Cloud Native Core Policy, versions 1.11.0, 22.3.0, 22.4.0

Oracle Communications Cloud Native Core Policy

Oracle Communications Cloud Native Core Security Edge Protection Proxy, versions 22.3.1, 22.4.0

Oracle Communications Cloud Native Core Security Edge Protection Proxy

Oracle Communications Cloud Native Core Unified Data Repository, versions 22.2.2, 22.2.3, 22.3.3, 22.3.4, 22.4.0

Oracle Communications Cloud Native Core Unified Data Repository

Oracle Communications Contacts Server, version 8.0.0.7.0

Oracle Communications Contacts Server

Oracle Communications Converged Application Server, versions 7.1.0, 8.0.0

Oracle Communications Converged Application Server

Oracle Communications Convergence, version 3.0.3.1.0

Oracle Communications Convergence

Oracle Communications Design Studio, version 7.4.2

Oracle Communications Design Studio

Oracle Communications Diameter Intelligence Hub, version 8.2.3.0

Oracle Communications Diameter Signaling Router

Oracle Communications Diameter Signaling Router, version 8.6.0.0

Oracle Communications Diameter Signaling Router

Oracle Communications Elastic Charging Engine, versions 12.0.0.3.0-12.0.0.7.0

Oracle Communications BRM - Elastic Charging Engine

Oracle Communications Instant Messaging Server, version 10.0.1.6.0

Oracle Communications Instant Messaging Server

Oracle Communications Messaging Server, version 8.1.0.20.0

Oracle Communications Messaging Server

Oracle Communications MetaSolv Solution, version 6.3.1

Oracle Communications MetaSolv Solution

Oracle Communications Order and Service Management, version 7.4.0

Oracle Communications Order and Service Management

Oracle Communications Performance Intelligence Center (PIC) Software, version 10.4.0.4.1

Oracle Communications Performance Intelligence Center (PIC) Software

Oracle Communications Pricing Design Center, versions 12.0.0.5.0-12.0.0.7.0

Oracle Communications Pricing Design Center

Oracle Communications Unified Assurance, versions 5.5.0-5.5.9, 6.0.0-6.0.1

Oracle Communications Unified Assurance

Oracle Communications Unified Inventory Management, versions 7.4.0-7.4.2, 7.5.0

Oracle Communications Unified Inventory Management

Oracle Data Server, versions 19c, 21c, [Perl] prior to 5.35

Data

Oracle Demantra Demand Management, versions 12.1, 12.2, 12.2.7, 12.2.8, 12.2.9, 12.2.10, 12.2.11, 12.2.12

Oracle Supply Chain Products

Oracle Documaker, versions 12.4.0-12.7.0

Oracle Insurance Applications

Oracle E-Business Suite, versions 12.2.3-12.2.12

Oracle E-Business Suite

Oracle Ess, version 21.4

Data

Oracle Financial Services Crime and Compliance Management Studio, version 8.0.8.3.1

Oracle Financial Services Crime and Compliance Management Studio

Oracle Fusion Middleware MapViewer, version 12.2.1.4.0

Fusion Middleware

Oracle Global Lifecycle Management NextGen OUI Framework, versions prior to 13.9.4.2.11

Fusion Middleware

Oracle Global Lifecycle Management OPatchAuto, versions [DB] prior to 12.2.0.1.35

Global Lifecycle Management

Oracle GraalVM Enterprise Edition, versions 20.3.8, 21.3.4, 22.3.0

Java SE

Oracle Graph Server and Client, versions prior to 21.4.3, prior to 22.4.0, prior to 23.1.0

Data

Oracle Health Sciences Empirica Signal, versions 9.1.0.52, 9.2.0.52

Health Sciences

Oracle Healthcare Data Repository, versions 8.1.0.0-8.1.3.1

HealthCare Applications

Oracle Healthcare Translational Research, versions 4.1.0.0-4.1.1.1

HealthCare Applications

Oracle Hospitality Cruise Shipboard Property Management System, version 20.2.2

Oracle Hospitality Cruise Shipboard Property Management System

Oracle Hospitality Gift and Loyalty, version 9.1.0

Oracle Hospitality Gift and Loyalty

Oracle Hospitality Labor Management, version 9.1.0

Oracle Hospitality Labor Management

Oracle Hospitality Reporting and Analytics, version 9.1.0

Oracle Hospitality Reporting and Analytics

Oracle Hospitality Simphony, versions 18.2.11, 19.3.4

Oracle Hospitality Simphony

Oracle HTTP Server, version 12.2.1.4.0

Fusion Middleware

Oracle Hyperion Infrastructure Technology, version 11.2.10

Oracle Enterprise Performance Management

Oracle Java SE, versions 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1

Java SE

Oracle Middleware Common Libraries and Tools, version 12.2.1.4.0

Fusion Middleware

Oracle Outside In Technology, version 8.5.6

Fusion Middleware

Oracle Retail Service Backbone, versions 14.1.3.2, 15.0.3.1, 16.0.3

Retail Applications

Oracle SD-WAN Aware, versions 8.2.1.9.0, 9.0.1.4.0

Oracle SD-WAN Aware

Oracle Solaris, versions 10, 11

Systems

Oracle Spatial Studio, versions prior to 22.3.0

Data

Oracle Stream Analytics, versions prior to 19.1.0.0.8

Data

Oracle TimesTen In-Memory Data, versions prior to 11.2.2.8.65

Data

Oracle Utilities Framework, versions 4.3.0.5.0, 4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0

Oracle Utilities Applications

Oracle Utilities Network Management System, versions 2.3.0.2, 2.4.0.1, 2.5.0.0-2.5.0.2

Oracle Utilities Applications

Oracle VM VirtualBox, versions prior to 6.1.42, prior to 7.0.6

Virtualization

Oracle Web Services Manager, version 12.2.1.4.0

Fusion Middleware

Oracle WebCenter Content, version 12.2.1.4.0

Fusion Middleware

Oracle WebCenter Sites, version 12.2.1.4.0

Fusion Middleware

Oracle WebLogic Server, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

Fusion Middleware

OSS Support Tools, versions 2.12.43, 22.2.22.4.5, 22.4.22.10.18

Oracle Support Tools

PeopleSoft Enterprise CC Common Application Objects, version 9.2

PeopleSoft

PeopleSoft Enterprise CS Academic Advisement, version 9.2

PeopleSoft

PeopleSoft Enterprise PeopleTools, versions 8.58, 8.59, 8.60

PeopleSoft

Primavera Gateway, versions 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10, 21.12.0-21.12.8

Oracle Construction and Engineering Suite

Primavera Unifier, versions 18.8, 19.12, 20.12, 21.12, 22.12

Oracle Construction and Engineering Suite

Siebel Applications, versions 22.10 and prior

Siebel

□ 해결 방안

o "Oracle Critical Patch Update Advisory - January 2023“ 문서 및 패치 사항을 검토하고 벤더 사 및 유지보수 업체와 협의/검토 후 패치 적용 [1]

o JAVA SE 사용자는 설치된 제품의 최신 업데이트를 다운로드[2] 받아 설치하거나, Java 업데이트 자동 알림 설정을 권고 [3]

□ 기타 문의사항

o 한국인터넷진흥원 사이버민원센터: 국번없이 118

[참고사이트]

[1] https://www.oracle.com/security-s/cpujan2023.html

[2] https://www.oracle.com/java/technologies/downloads/

[3] https://www.java.com/ko/download/help/java_update.html

□ 작성 : [KISA] 침해사고분석단 취약점분석팀

출처 : KISA 바로가기

PreviousAMD 제품 보안 업데이트 권고[2023-01]NextMS Exchage Server 2013 기술 지원 종료 대비 보안 권고[2023-01]

Last updated 1 year ago