Oracle Product Security Update Advisory [2023-01]

Reference: [KISA] security notice

Oracle Product Security Update Advisory

□ Overview

o Oracle's CPU announces patches for 327 security vulnerabilities in its products [1]

※ CPU (Critical Patch Update): Oracle's critical security update

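o Users of affected versions may be vulnerable to malware infection and similar threats, so updating to the latest version as described under Remediation below is recommended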

□ Affected versions and products

Affected products
Patch-related documents

Big Data Spatial and Graph, versions prior to 21.4.3, prior to 23.1.0

Enterprise Manager Base Platform, versions 13.4.0.0, 13.5.0.0

Enterprise Manager Ops Center, version 12.4.0.0

Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers, versions prior to XCP2411, prior to XCP3111, prior to XCP4011

GoldenGate Stream Analytics, versions prior to 19.1.0.0.8

GoldenGate Veridata, versions prior to 12.2.1.4.220831

JD Edwards EnterpriseOne Orchestrator, versions prior to 9.2.7.2

JD Edwards EnterpriseOne Tools, versions prior to 9.2.7.2

Management Cloud Engine, version 22.1.0.0.0

Management Pack for Oracle GoldenGate, versions prior to 12.2.1.2.221115

Middleware Common Libraries and Tools, versions 12.2.1.4.0, 14.1.1.0.0

MySQL Cluster, versions 7.4.38 and prior, 7.5.28 and prior, 7.6.24 and prior, 8.0.31 and prior

MySQL Connectors, versions 8.0.31 and prior

MySQL Enterprise Monitor, versions 8.0.32 and prior

MySQL Server, versions 5.7.40 and prior, 8.0.31 and prior

MySQL Shell, versions 8.0.31 and prior

MySQL Workbench, versions 8.0.31 and prior

Oracle Access Manager, version 12.2.1.4.0

Oracle Agile PLM, version 9.3.6

Oracle AutoVue, versions prior to 21.0.2.6

Oracle Banking Enterprise Default Management, versions 2.6.2, 2.7.0, 2.7.1, 2.12.0

Oracle Banking Loans Servicing, versions 2.8.0, 2.12.0

Oracle Banking Party Management, version 2.7.0

Oracle Banking Platform, versions 2.6.2, 2.7.1, 2.9.0, 2.12.0

Oracle BI Publisher, versions 5.9.0.0.0, 6.4.0.0.0, 12.2.1.4.0

Oracle Business Intelligence Enterprise Edition, versions 5.9.0.0.0, 6.4.0.0.0

Oracle Coherence, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

Oracle Commerce Guided Search, version 11.3.2

Oracle Communications Billing and Revenue Management, versions 12.0.0.4.0-12.0.0.7.0

Oracle Communications BRM - Elastic Charging Engine, versions 12.0.0.3.0-12.0.0.7.0

Oracle Communications Calendar Server, version 8.0.0.6.0

Oracle Communications Cloud Native Core Automated Test Suite, versions 22.2.2, 22.3.1, 22.4.0

Oracle Communications Cloud Native Core Binding Support Function, versions 22.1.0, 22.1.1, 22.2.0, 22.2.1, 22.2.2, 22.2.4, 22.3.0-22.4.0

Oracle Communications Cloud Native Core Console, versions 22.3.0, 22.4.0

Oracle Communications Cloud Native Core Network Data Analytics Function, version 22.0.0.0.0

Oracle Communications Cloud Native Core Network Exposure Function, versions 22.3.1, 22.4.0

Oracle Communications Cloud Native Core Network Function Cloud Native Environment, version 22.3.0

Oracle Communications Cloud Native Core Network Repository Function, versions 22.3.0, 22.3.2

Oracle Communications Cloud Native Core Network Slice Selection Function, versions 22.3.1, 22.4.1

Oracle Communications Cloud Native Core Policy, versions 1.11.0, 22.3.0, 22.4.0

Oracle Communications Cloud Native Core Security Edge Protection Proxy, versions 22.3.1, 22.4.0

Oracle Communications Cloud Native Core Unified Data Repository, versions 22.2.2, 22.2.3, 22.3.3, 22.3.4, 22.4.0

Oracle Communications Contacts Server, version 8.0.0.7.0

Oracle Communications Converged Application Server, versions 7.1.0, 8.0.0

Oracle Communications Convergence, version 3.0.3.1.0

Oracle Communications Design Studio, version 7.4.2

Oracle Communications Diameter Intelligence Hub, version 8.2.3.0

Oracle Communications Diameter Signaling Router

Oracle Communications Diameter Signaling Router, version 8.6.0.0

Oracle Communications Elastic Charging Engine, versions 12.0.0.3.0-12.0.0.7.0

Oracle Communications Instant Messaging Server, version 10.0.1.6.0

Oracle Communications Messaging Server, version 8.1.0.20.0

Oracle Communications MetaSolv Solution, version 6.3.1

Oracle Communications Order and Service Management, version 7.4.0

Oracle Communications Performance Intelligence Center (PIC) Software, version 10.4.0.4.1

Oracle Communications Pricing Design Center, versions 12.0.0.5.0-12.0.0.7.0

Oracle Communications Unified Assurance, versions 5.5.0-5.5.9, 6.0.0-6.0.1

Oracle Communications Unified Inventory Management, versions 7.4.0-7.4.2, 7.5.0

Oracle Data Server, versions 19c, 21c, [Perl] prior to 5.35

Oracle Demantra Demand Management, versions 12.1, 12.2, 12.2.7, 12.2.8, 12.2.9, 12.2.10, 12.2.11, 12.2.12

Oracle Documaker, versions 12.4.0-12.7.0

Oracle E-Business Suite, versions 12.2.3-12.2.12

Oracle Ess, version 21.4

Oracle Financial Services Crime and Compliance Management Studio, version 8.0.8.3.1

Oracle Fusion Middleware MapViewer, version 12.2.1.4.0

Oracle Global Lifecycle Management NextGen OUI Framework, versions prior to 13.9.4.2.11

Oracle Global Lifecycle Management OPatchAuto, versions [DB] prior to 12.2.0.1.35

Oracle GraalVM Enterprise Edition, versions 20.3.8, 21.3.4, 22.3.0

Oracle Graph Server and Client, versions prior to 21.4.3, prior to 22.4.0, prior to 23.1.0

Oracle Health Sciences Empirica Signal, versions 9.1.0.52, 9.2.0.52

Oracle Healthcare Data Repository, versions 8.1.0.0-8.1.3.1

Oracle Healthcare Translational Research, versions 4.1.0.0-4.1.1.1

Oracle Hospitality Cruise Shipboard Property Management System, version 20.2.2

Oracle Hospitality Gift and Loyalty, version 9.1.0

Oracle Hospitality Labor Management, version 9.1.0

Oracle Hospitality Reporting and Analytics, version 9.1.0

Oracle Hospitality Simphony, versions 18.2.11, 19.3.4

Oracle HTTP Server, version 12.2.1.4.0

Oracle Hyperion Infrastructure Technology, version 11.2.10

Oracle Java SE, versions 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1

Oracle Middleware Common Libraries and Tools, version 12.2.1.4.0

Oracle Outside In Technology, version 8.5.6

Oracle Retail Service Backbone, versions 14.1.3.2, 15.0.3.1, 16.0.3

Oracle SD-WAN Aware, versions 8.2.1.9.0, 9.0.1.4.0

Oracle Solaris, versions 10, 11

Oracle Spatial Studio, versions prior to 22.3.0

Oracle Stream Analytics, versions prior to 19.1.0.0.8

Oracle TimesTen In-Memory Data, versions prior to 11.2.2.8.65

Oracle Utilities Framework, versions 4.3.0.5.0, 4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0

Oracle Utilities Network Management System, versions 2.3.0.2, 2.4.0.1, 2.5.0.0-2.5.0.2

Oracle VM VirtualBox, versions prior to 6.1.42, prior to 7.0.6

Oracle Web Services Manager, version 12.2.1.4.0

Oracle WebCenter Content, version 12.2.1.4.0

Oracle WebCenter Sites, version 12.2.1.4.0

Oracle WebLogic Server, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

OSS Support Tools, versions 2.12.43, 22.2.22.4.5, 22.4.22.10.18

PeopleSoft Enterprise CC Common Application Objects, version 9.2

PeopleSoft Enterprise CS Academic Advisement, version 9.2

PeopleSoft Enterprise PeopleTools, versions 8.58, 8.59, 8.60

Primavera Gateway, versions 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10, 21.12.0-21.12.8

Primavera Unifier, versions 18.8, 19.12, 20.12, 21.12, 22.12

Siebel Applications, versions 22.10 and prior

□ Remediation

o Review the "Oracle Critical Patch Update Advisory - January 2023" document and the patch details, and apply the patches after consultation and review with the vendor and the maintenance contractor [1]

o Java SE users are advised to download [2] and install the latest update for their installed product, or to enable automatic Java update notifications [3]

□ Other inquiries

o Korea Internet & Security Agency (KISA) Cyber Complaint Center: dial 118 (no area code)

[References]

[1] https://www.oracle.com/security-s/cpujan2023.html

[2] https://www.oracle.com/java/technologies/downloads/

[3] https://www.java.com/ko/download/help/java_update.html

□ Prepared by: [KISA] Incident Analysis Group, Vulnerability Analysis Team
