보안 이슈 - Oracle Critical Patch Update 보안 업데이트 권고

Oracle Critical Patch Update 보안 업데이트 권고

□ 개요
o 오라클 CPU에서 자사 제품의 보안 취약점 349개에 대한 패치 발표 [1]
※ CPU(Critical Patch Update) : 오라클 중요 보안 업데이트
o 영향받는 버전의 사용자는 악성코드 감염 등에 취약할 수 있으므로, 아래 해결 방안에 따라 최신 버전으로 업데이트 권고

□ 영향받는 제품 및 버전

Autonomous Health Framework	Oracle Autonomous Health Framework
Big Data Spatial and Graph, versions prior to 23.1	Data
Enterprise Manager Base Platform, versions 13.4.0.0, 13.5.0.0	Enterprise Manager
Enterprise Manager for MySQL Data	Enterprise Manager
Enterprise Manager Ops Center, version 12.4.0.0	Enterprise Manager
JD Edwards EnterpriseOne Orchestrator, versions 9.2.6.3 and prior	JD Edwards
JD Edwards EnterpriseOne Tools, versions 9.2.6.3 and prior	JD Edwards
MySQL Cluster, versions 7.4.36 and prior, 7.5.26 and prior, 7.6.22 and prior, 8.0.29 and prior, and8.0.29 and prior	MySQL
MySQL Enterprise Monitor, versions 8.0.30 and prior	MySQL
MySQL Server, versions 5.7.38 and prior, 8.0.29 and prior	MySQL
MySQL Shell, versions 8.0.28 and prior	MySQL
MySQL Shell for VS Code, versions 1.1.8 and prior	MySQL
MySQL Workbench, versions 8.0.29 and prior	MySQL
Oracle Agile Engineering Data Management, version 6.2.1.0	Oracle Supply Chain Products
Oracle Agile PLM, version 9.3.6	Oracle Supply Chain Products
Oracle Agile Product Lifecycle Management for Process, versions 6.2.2, 6.2.3	Oracle Supply Chain Products
Oracle Application Express, versions prior to 22.1.1	Data
Oracle Application Testing Suite, version 13.3.0.1	Enterprise Manager
Oracle Autovue for Agile Product Lifecycle Management, version 21.0.2	Oracle Supply Chain Products
Oracle Banking Branch, version 14.5	Contact Support
Oracle Banking Cash Management, version 14.5	Contact Support
Oracle Banking Corporate Lending Process Management, version 14.5	Contact Support
Oracle Banking Credit Facilities Process Management, version 14.5	Contact Support
Oracle Banking Deposits and Lines of Credit Servicing, version 2.7	Contact Support
Oracle Banking Electronic Data Exchange for Corporates, version 14.5	Contact Support
Oracle Banking Liquidity Management, versions 14.2, 14.5	Contact Support
Oracle Banking Origination, version 14.5	Contact Support
Oracle Banking Party Management, version 2.7	Oracle Banking Platform
Oracle Banking Platform, versions 2.6.2, 2.9, 2.12	Oracle Banking Platform
Oracle Banking Supply Chain Finance, version 14.5	Contact Support
Oracle Banking Trade Finance, version 14.5	Contact Support
Oracle Banking Trade Finance Process Management, version 14.5	Contact Support
Oracle Banking Virtual Account Management, version 14.5	Contact Support
Oracle Berkeley DB	Berkeley DB
Oracle BI Publisher, versions 12.2.1.3.0, 12.2.1.4.0	Oracle Analytics
Oracle Blockchain Platform	Oracle Blockchain Platform
Oracle Business Intelligence Enterprise Edition, version 5.9.0.0.0	Oracle Analytics
Oracle Coherence, versions 3.7.1.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0	Fusion Middleware
Oracle Commerce Guided Search, version 11.3.2	Oracle Commerce
Oracle Commerce Merchandising, version 11.3.2	Oracle Commerce
Oracle Commerce Platform, versions 11.3.0, 11.3.1, 11.3.2	Oracle Commerce
Oracle Communications ASAP, version 7.3	Oracle Communications ASAP
Oracle Communications Billing and Revenue Management, versions 12.0.0.4.0-12.0.0.6.0	Oracle Communications Billing and Revenue Management
Oracle Communications BRM - Elastic Charging Engine, versions prior to 12.0.0.4.6, prior to 12.0.0.5.1	Oracle Communications BRM - Elastic Charging Engine
Oracle Communications Cloud Native Core Binding Support Function, versions 22.1.3, 22.2.0	Oracle Communications Cloud Native Core Binding Support Function
Oracle Communications Cloud Native Core Console, versions 22.1.2, 22.2.0	Oracle Communications Cloud Native Core Console
Oracle Communications Cloud Native Core Network Exposure Function, version 22.1.1	Oracle Communications Cloud Native Core Network Exposure Function
Oracle Communications Cloud Native Core Network Function Cloud Native Environment, versions 22.1.0, 22.1.2, 22.2.0	Oracle Communications Cloud Native Core Network Function Cloud Native Environment
Oracle Communications Cloud Native Core Network Repository Function, versions 22.1.2, 22.2.0	Oracle Communications Cloud Native Core Network Repository Function
Oracle Communications Cloud Native Core Network Slice Selection Function, version 22.1.1	Oracle Communications Cloud Native Core Network Slice Selection Function
Oracle Communications Cloud Native Core Policy, versions 22.1.3, 22.2.0	Oracle Communications Cloud Native Core Policy
Oracle Communications Cloud Native Core Security Edge Protection Proxy, version 22.1.1	Oracle Communications Cloud Native Core Security Edge Protection Proxy
Oracle Communications Cloud Native Core Service Communication Proxy, version 22.2.0	Oracle Communications Cloud Native Core Service Communication Proxy
Oracle Communications Cloud Native Core Unified Data Repository, version 22.2.0	Oracle Communications Cloud Native Core Unified Data Repository
Oracle Communications Core Session Manager, versions 8.2.5, 8.4.5	Oracle Communications Core Session Manager
Oracle Communications Design Studio, version 7.4.2	Oracle Communications Design Studio
Oracle Communications Instant Messaging Server, version 10.0.1.5.0	Oracle Communications Instant Messaging Server
Oracle Communications IP Service Activator	Oracle Communications IP Service Activator
Oracle Communications Offline Mediation Controller, versions prior to 12.0.0.4.4, prior to 12.0.0.5.1	Oracle Communications Offline Mediation Controller
Oracle Communications Operations Monitor, versions 4.3, 4.4, 5.0	Oracle Communications Operations Monitor
Oracle Communications Session Border Controller, versions 8.4, 9.0, 9.1	Oracle Communications Session Border Controller
Oracle Communications Unified Inventory Management, versions 7.4.1, 7.4.2, 7.5.0	Oracle Communications Unified Inventory Management
Oracle Communications Unified Session Manager, version 8.2.5	Oracle Communications Unified Session Manager
Oracle Crystal Ball, versions 11.1.2.0.0-11.1.2.4.900	Oracle Construction and Engineering Suite
Oracle Data Integrator	Fusion Middleware
Oracle Data Server, versions 12.1.0.2, 19c, 21c	Data
Oracle E-Business Suite, versions 12.2.3-12.2.11	Oracle E-Business Suite
Oracle Enterprise Communications Broker, version 3.3	Oracle Enterprise Communications Broker
Oracle Enterprise Operations Monitor, versions 4.3, 4.4, 5.0	Oracle Enterprise Operations Monitor
Oracle Enterprise Session Border Controller, versions 8.4, 9.0, 9.1	Oracle Enterprise Session Border Controller
Oracle Ess, version 21.3	Data
Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.7.0-8.1.0.0, 8.1.1.0, 8.1.2.0, 8.1.2.1	Oracle Financial Services Analytical Applications Infrastructure
Oracle Financial Services Behavior Detection Platform, versions 8.0.7.0, 8.0.8.0, 8.1.1.0-8.1.2.1	Oracle Financial Services Behavior Detection Platform
Oracle Financial Services Crime and Compliance Management Studio, versions 8.0.8.2.0, 8.0.8.3.0	Oracle Financial Services Crime and Compliance Management Studio
Oracle Financial Services Enterprise Case Management, versions 8.0.7.1, 8.0.7.2, 8.0.8.0, 8.0.8.1, 8.1.1.0-8.1.2.1	Oracle Financial Services Enterprise Case Management
Oracle Financial Services Revenue Management and Billing, versions 2.9.0.0.0, 2.9.0.1.0, 3.0.0.0.0-3.2.0.0.0, 4.0.0.0.0	Oracle Financial Services Revenue Management and Billing
Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition, versions 8.0.7.0, 8.0.8.0	Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
Oracle FLEXCUBE Core Banking, versions 5.2, 11.6-11.8, 11.10	Contact Support
Oracle FLEXCUBE Private Banking, version 12.1	Contact Support
Oracle FLEXCUBE Universal Banking, versions 12.1-12.4, 14.0-14.3, 14.5	Contact Support
Oracle Global Lifecycle Management NextGen OUI Framework, versions prior to 13.9.4.2.10	Fusion Middleware
Oracle Global Lifecycle Management OPatch, versions prior to 12.2.0.1.30	Global Lifecycle Management
Oracle GoldenGate, versions [19c] prior to 19.1.0.0.220719, [21c] prior to 21.7.0.0.0	Data
Oracle GraalVM Enterprise Edition, versions 20.3.6, 21.3.2, 22.1.0	Java SE
Oracle Graph Server and Client, versions prior to 22.2.0	Data
Oracle Health Sciences Data Management Workbench, versions 2.4.8.7, 2.5.2.1, 3.0.0.0, 3.1.0.3	Health Sciences
Oracle Health Sciences Empirica Signal, versions 9.1.0.52, 9.2.0.52	Health Sciences
Oracle Health Sciences Information Manager, versions 3.0.0.1, 3.0.1.0-3.0.5.0	HealthCare Applications
Oracle Healthcare Foundation, versions 8.1.0, 8.2.0, 8.2.1	HealthCare Applications
Oracle Hospitality Cruise Shipboard Property Management System, version 20.2.1	Oracle Hospitality Cruise Shipboard Property Management System
Oracle Hospitality Inventory Management, version 9.1	Oracle Hospitality Inventory Management
Oracle Hospitality Materials Control, version 18.1	Oracle Hospitality Materials Control
Oracle Hospitality OPERA 5, version 5.6	Oracle Hospitality OPERA 5 Property Services
Oracle HTTP Server, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Identity Management Suite	Fusion Middleware
Oracle Identity Manager Connector	Fusion Middleware
Oracle Java SE, versions 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1	Java SE
Oracle Managed File Transfer, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Middleware Common Libraries and Tools, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle NoSQL Data	NoSQL Data
Oracle Policy Automation, versions 12.2.0-12.2.25	Oracle Policy Automation
Oracle Policy Automation for Mobile Devices, versions 12.2.0-12.2.24	Oracle Policy Automation
Oracle Product Lifecycle Analytics, version 3.6.1	Oracle Supply Chain Products
Oracle REST Data Services, versions prior to 22.1.1	Data
Oracle Retail Allocation, versions 15.0.3.1, 16.0.3	Retail Applications
Oracle Retail Bulk Data Integration, version 16.0.3	Retail Applications
Oracle Retail Customer Insights, versions 15.0.2, 16.0.2	Retail Applications
Oracle Retail Customer Management and Segmentation Foundation, versions 17.0, 18.0, 19.0	Retail Applications
Oracle Retail Extract Transform and Load, version 13.2.5	Retail Applications
Oracle Retail Financial Integration, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1	Retail Applications
Oracle Retail Integration Bus, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1	Retail Applications
Oracle Retail Merchandising System, versions 16.0.3, 19.0.1	Retail Applications
Oracle Retail Order Broker, versions 18.0, 19.1	Retail Applications
Oracle Retail Pricing, version 19.0.1	Retail Applications
Oracle Retail Sales Audit, versions 15.0.3.1, 16.0.3	Retail Applications
Oracle Retail Xstore Point of Service, versions 17.0.4, 18.0.3, 19.0.2, 20.0.1, 21.0.1	Retail Applications
Oracle SD-WAN Edge, versions 9.0, 9.1	Oracle SD-WAN Edge
Oracle Security Service, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle SOA Suite, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Solaris, versions 10, 11	Systems
Oracle Spatial Studio, versions prior to 22.1.0	Data
Oracle SQL Developer	Data
Oracle Stream Analytics, versions [19c] prior to 19.1.0.0.6.4	Data
Oracle TimesTen In-Memory Data, versions prior to 22.1.1.1.0	Data
Oracle Transportation Management, version 1.4.4	Oracle Supply Chain Products
Oracle Utilities Framework, versions 4.3.0.5.0, 4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0	Oracle Utilities Applications
Oracle VM VirtualBox, versions prior to 6.1.36	Virtualization
Oracle WebCenter Content, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle WebCenter Portal, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle WebCenter Sites Support Tools, versions prior to 4.4.2	Fusion Middleware
Oracle WebLogic Server, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0	Fusion Middleware
Oracle Weblogic Server Proxy Plug-in, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle ZFS Storage Appliance Kit, version 8.8	Systems
PeopleSoft Enterprise PeopleTools, versions 8.58, 8.59	PeopleSoft
Primavera Gateway, versions 17.12.0-17.12.11, 18.8.0-18.8.14, 19.12.0-19.12.13, 20.12.0-20.12.8, 21.12.0-21.12.1	Oracle Construction and Engineering Suite
Primavera P6 Enterprise Project Portfolio Management, versions 17.12.0.0-17.12.20.4, 18.8.0.0-18.8.25.4, 19.12.0.0-19.12.19.0, 20.12.0.0-20.12.14.0, 21.12.0.0-21.12.4.0	Oracle Construction and Engineering Suite
Primavera Unifier, versions 17.7-17.12, 18.8, 19.12, 20.12, 21.12	Oracle Construction and Engineering Suite
Siebel Applications, versions 22.6 and prior	Siebel

□ 해결 방안
o "Oracle Critical Patch Update Advisory - July 2022“ 문서 및 패치 사항을 검토하고 벤더 사 및 유지보수 업체와 협의/검토 후 패치 적용 [1]
o JAVA SE 사용자는 설치된 제품의 최신 업데이트를 다운로드[2] 받아 설치하거나, Java 업데이트 자동 알림 설정을 권고 [3]

[참고사이트]
[1] https://www.oracle.com/security-s/cpujul2022.html
[2] http://www.oracle.com/technetwork/java/javase/downloads/index.html
[3] https://www.java.com/ko/download/help/java_update.html

Oracle Critical Patch Update 보안 업데이트 권고

단축키

단축키

Oracle Critical Patch Update 보안 업데이트 권고

5억 4천만명의 페이스북 사용자 데이터 유출

CVE-2020-7842 | 네티스코리아 D'live 케이블 공유기의 임의 명령 삽입 취약점

SuperAntiSpyware 안티멀웨어 프로그램으로 가장하여 설치되는 Kraken 랜섬웨어

Oracle Critical Patch Update 보안 업데이트 권고

회원가입 사이트 조회 및 탈퇴 신청, e프라이버시 클린서비스

위즈베라 통합 보안 설치 프로그램 베라포트(veraport) 보안 업데이트 권고

Cisco 제품 보안 업데이트 권고

안드로이드OS 보안 업데이트 권고

한국인터넷진흥원 사칭 피싱 이메일 주의 권고

카카오톡 고객센터를 사칭하는 피싱 메일을 조심하세요.

WordPress, 해킹당한 사이트의 90%

Juniper 제품군 보안 업데이트 권고

Zoom 제품 보안 업데이트 권고

방글라데시 대사관의 웹 사이트 해킹

트위터에 게시된 Memes에서 명령 실행하는 악성코드 발견

스파이웨어 및 도청 장치를 사용하여 피해자를 모니터하는 스토커

코로나19 여분 백신 예약 안내 사칭 피싱 문자 주의 권고

ZYXEL 제품 보안 업데이트 권고

시큐위즈 VPN 제품 취약점 보안 업데이트 권고

드림시큐리티 MagicLine 취약점 보안 업데이트 권고