Oracle Critical Patch Update 보안 업데이트 권고

Oracle Critical Patch Update 보안 업데이트 권고

□ 개요
 o 오라클 CPU에서 자사 제품의 보안 취약점 497개에 대한 패치 발표 [1]
  ※ CPU(Critical Patch Update) : 오라클 중요 보안 업데이트
 o 영향받는 버전의 사용자는 악성코드 감염 등에 취약할 수 있으므로, 아래 해결 방안에 따라 최신 버전으로 업데이트 권고

□ 영향받는 제품 및 버전

 

영향받는 제품	패치 관련 문서
Agile Product Lifecycle Management Integration Pack for Oracle E-Business Suite, version 3.6	Oracle Supply Chain Products
Application Performance Management, versions 13.4.1.0, 13.5.1.0	Enterprise Manager
Big Data Spatial and Graph, versions prior to 23.1	Data
Enterprise Manager Base Platform, versions 13.4.0.0, 13.5.0.0	Enterprise Manager
Enterprise Manager Ops Center, version 12.4.0.0	Enterprise Manager
Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers, versions prior to XCP2410, prior to XCP3110	Systems
Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3	Oracle Construction and Engineering Suite
JD Edwards EnterpriseOne Tools, versions prior to 9.2.6.1	JD Edwards
MySQL Cluster, versions 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, 8.0.27 and prior	MySQL
MySQL Connectors, versions 8.0.27 and prior	MySQL
MySQL Server, versions 5.7.36 and prior, 8.0.27 and prior	MySQL
MySQL Workbench, versions 8.0.27 and prior	MySQL
Oracle Access Manager, versions 11.1.2.3.0, 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Agile Engineering Data Management, version 6.2.1.0	Oracle Supply Chain Products
Oracle Agile PLM, versions 9.3.3, 9.3.6	Oracle Supply Chain Products
Oracle Agile PLM MCAD Connector, versions 3.4, 3.6	Oracle Supply Chain Products
Oracle Airlines Data Model, versions 12.1.1.0.0, 12.2.0.1.0	Oracle Airlines Data Model
Oracle Application Express, versions prior to 21.1.4	Data
Oracle Application Testing Suite, version 13.3.0.1	Enterprise Manager
Oracle Argus Analytics, versions 8.2.1, 8.2.2, 8.2.3	Health Sciences
Oracle Argus Insight, versions 8.2.1, 8.2.2, 8.2.3	Health Sciences
Oracle Argus Mart, versions 8.2.1, 8.2.2, 8.2.3	Health Sciences
Oracle Argus Safety, versions 8.2.1, 8.2.2, 8.2.3	Health Sciences
Oracle Banking APIs, versions 18.1-18.3, 19.1, 19.2, 20.1, 21.1	Contact Support
Oracle Banking Deposits and Lines of Credit Servicing, version 2.12.0	Contact Support
Oracle Banking Digital Experience, versions 17.2, 18.1-18.3, 19.1, 19.2, 20.1, 21.1	Contact Support
Oracle Banking Enterprise Default Management, versions 2.3.0-2.4.1, 2.6.2, 2.7.0, 2.7.1, 2.10.0, 2.12.0	Oracle Banking Platform
Oracle Banking Loans Servicing, version 2.12.0	Contact Support
Oracle Banking Party Management, version 2.7.0	Oracle Banking Platform
Oracle Banking Platform, versions 2.3.0-2.4.1, 2.6.2, 2.7.0, 2.7.1	Oracle Banking Platform
Oracle BI Publisher, versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Business Activity Monitoring, version 12.2.1.4.0	Fusion Middleware
Oracle Business Intelligence Enterprise Edition, versions 5.5.0.0.0, 5.9.0.0.0, 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Business Process Management Suite, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Clinical, versions 5.2.1, 5.2.2	Health Sciences
Oracle Commerce Guided Search, version 11.3.2	Oracle Commerce
Oracle Commerce Platform, versions 11.3.0, 11.3.1, 11.3.2	Oracle Commerce
Oracle Communications Billing and Revenue Management, versions 12.0.0.3, 12.0.0.4	Oracle Communications Billing and Revenue Management
Oracle Communications BRM - Elastic Charging Engine, versions 11.3, 12.0	Oracle Communications BRM - Elastic Charging Engine
Oracle Communications Calendar Server, version 8.0.0.5.0	Oracle Communications Calendar Server
Oracle Communications Cloud Native Core Automated Test Suite, version 1.8.0	Oracle Communications Cloud Native Core Automated Test Suite
Oracle Communications Cloud Native Core Binding Support Function, versions 1.9.0, 1.10.0	Oracle Communications Cloud Native Core Binding Support Function
Oracle Communications Cloud Native Core Console, version 1.7.0	Communications Cloud Native Core Console
Oracle Communications Cloud Native Core Network Function Cloud Native Environment, version 1.9.0	Oracle Communications Cloud Native Core Network Function Cloud Native Environment
Oracle Communications Cloud Native Core Network Repository Function, version 1.14.0	Oracle Communications Cloud Native Core Network Repository Function
Oracle Communications Cloud Native Core Policy, version 1.14.0	Communications Cloud Native Core Policy
Oracle Communications Cloud Native Core Security Edge Protection Proxy, versions 1.5.0, 1.6.0, 1.15.0	Communications Cloud Native Core Security Edge Protection Proxy
Oracle Communications Cloud Native Core Service Communication Proxy, version 1.14.0	Communications Cloud Native Core Service Communication Proxy
Oracle Communications Cloud Native Core Unified Data Repository, version 1.14.0	Communications Cloud Native Core Unified Data Repository
Oracle Communications Contacts Server, version 8.0.0.3.0	Oracle Communications Contacts Server
Oracle Communications Convergence, version 3.0.2.2.0	Oracle Communications Convergence
Oracle Communications Convergent Charging Controller, versions 6.0.1.0.0, 12.0.1.0.0-12.0.4.0.0	Oracle Communications Convergent Charging Controller
Oracle Communications Data Model, versions 11.3.2.1.0, 11.3.2.2.0, 11.3.2.3.0, 12.1.0.1.0, 12.1.2.0.0	Oracle Communications Data Model
Oracle Communications Design Studio, versions 7.3.4, 7.3.5, 7.4.0, 7.4.1, 7.4.2	Oracle Communications Design Studio
Oracle Communications Diameter Signaling Router, versions 8.0.0.0-8.5.1.0	Oracle Communications Diameter Signaling Router
Oracle Communications EAGLE Application Processor, versions 16.1-16.4	Oracle Communications EAGLE Application Processor
Oracle Communications Instant Messaging Server, version 10.0.1.5.0	Oracle Communications Instant Messaging Server
Oracle Communications Interactive Session Recorder, versions 6.3, 6.4	Oracle Communications Interactive Session Recorder
Oracle Communications Messaging Server, version 8.1	Oracle Communications Messaging Server
Oracle Communications Network Charging and Control, versions 6.0.1.0.0, 12.0.1.0.0-12.0.4.0.0	Oracle Communications Network Charging and Control
Oracle Communications Network Integrity, versions 7.3.5, 7.3.6	Oracle Communications Network Integrity
Oracle Communications Offline Mediation Controller, version 12.0.0.3	Oracle Communications Offline Mediation Controller
Oracle Communications Operations Monitor, versions 3.4, 4.2, 4.3, 4.4, 5.0	Oracle Communications Operations Monitor
Oracle Communications Pricing Design Center, versions 12.0.0.3.0, 12.0.0.4.0	Oracle Communications Pricing Design Center
Oracle Communications Service Broker, version 6.2	Oracle Communications Service Broker
Oracle Communications Services Gatekeeper, version 7.0	Oracle Communications Services Gatekeeper
Oracle Communications Session Border Controller, versions 8.2, 8.3, 8.4, 9.0	Oracle Communications Session Border Controller
Oracle Communications Unified Inventory Management, versions 7.3.0, 7.3.4, 7.3.5, 7.4.0, 7.4.1, 7.4.2, 7.5.0	Oracle Communications Unified Inventory Management
Oracle Communications WebRTC Session Controller, versions 7.2.0, 7.2.1	Oracle Communications WebRTC Session Controller
Oracle Data Integrator, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Data Server, versions 12.1.0.2, 12.2.0.1, 19c, 21c	Data
Oracle Demantra Demand Management, versions 12.2.6-12.2.11	Oracle Supply Chain Products
Oracle E-Business Suite, versions 12.2.3-12.2.11	Oracle E-Business Suite
Oracle Enterprise Communications Broker, version 3.3	Oracle Enterprise Communications Broker
Oracle Enterprise Data Quality, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Enterprise Session Border Controller, versions 8.4, 9.0	Oracle Enterprise Session Border Controller
Oracle Ess, versions prior to 11.1.2.4.47, prior to 21.3	Data
Oracle Ess Administration Services, versions prior to 11.1.2.4.47	Data
Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.7-8.1.1	Oracle Financial Services Analytical Applications Infrastructure
Oracle Financial Services Behavior Detection Platform, versions 8.0.7, 8.0.8, 8.1.1	Oracle Financial Services Behavior Detection Platform
Oracle Financial Services Enterprise Case Management, versions 8.0.7, 8.0.8, 8.1.1	Oracle Financial Services Enterprise Case Management
Oracle Financial Services Foreign Account Tax Compliance Act Management, versions 8.0.7, 8.0.8, 8.1.1	Contact Support
Oracle Financial Services Model Management and Governance, versions 8.0.8-8.1.1	Oracle Financial Services Model Management and Governance
Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition, versions 8.0.7, 8.0.8	Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
Oracle FLEXCUBE Investor Servicing, versions 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.4.0, 14.5.0	Contact Support
Oracle FLEXCUBE Private Banking, versions 12.0.0, 12.1.0	Contact Support
Oracle Fusion Middleware, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Fusion Middleware MapViewer, version 12.2.1.4.0	Fusion Middleware
Oracle GoldenGate, versions prior to 12.3.0.1, prior to 19.1.0.0.220118, prior to 21.4.0.0.0, prior to 21.5.0.0.220118	Data
Oracle GraalVM Enterprise Edition, versions 20.3.4, 21.3.0	Java SE
Oracle Graph Server and Client, versions prior to 21.4	Data
Oracle Health Sciences Clinical Development Analytics, version 4.0.1	Health Sciences
Oracle Health Sciences InForm CRF Submit, version 6.2.1	Health Sciences
Oracle Health Sciences Information Manager, versions 3.0.2, 3.0.3	HealthCare Applications
Oracle Healthcare Data Repository, versions 7.0.2, 8.1.0, 8.1.1	HealthCare Applications
Oracle Healthcare Foundation, versions 7.3.0.0-7.3.0.2, 8.0.0-8.0.2, 8.1.0-8.1.1	HealthCare Applications
Oracle Healthcare Translational Research, version 4.1.0	HealthCare Applications
Oracle Hospitality Cruise Shipboard Property Management System, version 20.1.0	Oracle Hospitality Cruise Shipboard Property Management System
Oracle Hospitality OPERA 5, version 5.6	Oracle Hospitality OPERA 5 Property Services
Oracle Hospitality Reporting and Analytics, version 9.1.0	Oracle Hospitality Reporting and Analytics
Oracle Hospitality Suite8, versions 8.10.2, 8.11.0, 8.12.0, 8.13.0, 8.14.0	Oracle Hospitality Suite8
Oracle HTTP Server, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Hyperion Infrastructure Technology, version 11.2.7.0	Fusion Middleware
Oracle iLearning, versions 6.2, 6.3	iLearning
Oracle Insurance Data Gateway, versions 11.0.2, 11.1.0, 11.2.7, 11.3.0, 11.3.1	Oracle Insurance Applications
Oracle Insurance Insbridge Rating and Underwriting, versions 5.2.0, 5.4.0-5.6.0	Oracle Insurance Applications
Oracle Insurance Policy Administration, versions 11.0.2, 11.1.0, 11.2.7, 11.3.0, 11.3.1	Oracle Insurance Applications
Oracle Insurance Policy Administration J2EE, versions 10.2.0, 10.2.4, 11.0.2, 11.1.0-11.3.0	Oracle Insurance Applications
Oracle Insurance Rules Palette, versions 10.2.0, 10.2.4, 11.0.2, 11.1.0-11.3.0, 11.3.1	Oracle Insurance Applications
Oracle Java SE, versions 7u321, 8u311, 11.0.13, 17.1	Java SE
Oracle Managed File Transfer, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle NoSQL Data, versions prior to 21.1.12	NoSQL Data
Oracle Policy Automation, versions 12.2.0-12.2.24	Oracle Policy Automation
Oracle Product Lifecycle Analytics, version 3.6.1	Oracle Supply Chain Products
Oracle Rapid Planning, versions 12.2.6-12.2.11	Oracle Supply Chain Products
Oracle Real User Experience Insight, versions 13.4.1.0, 13.5.1.0	Enterprise Manager
Oracle REST Data Services, versions prior to 21.2.4	Data
Oracle Retail Allocation, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1	Retail Applications
Oracle Retail Analytics, versions 16.0.0-16.0.2	Retail Applications
Oracle Retail Assortment Planning, version 16.0.3	Retail Applications
Oracle Retail Back Office, version 14.1	Retail Applications
Oracle Retail Central Office, version 14.1	Retail Applications
Oracle Retail Customer Insights, versions 16.0.0-16.0.2	Retail Applications
Oracle Retail Customer Management and Segmentation Foundation, versions 16.0-19.0	Retail Applications
Oracle Retail EFTLink, versions 16.0.3, 17.0.2, 18.0.1, 19.0.1, 20.0.1	Retail Applications
Oracle Retail Extract Transform and Load, version 13.2.8	Retail Applications
Oracle Retail Financial Integration, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1	Retail Applications
Oracle Retail Fiscal Management, version 14.2	Retail Applications
Oracle Retail Integration Bus, versions 14.1.3.0, 14.1.3.2, 15.0.3.1, 16.0.1-16.0.3, 19.0.0, 19.0.1	Retail Applications
Oracle Retail Invoice Matching, versions 15.0.3, 16.0.3	Retail Applications
Oracle Retail Merchandising System, version 19.0.1	Retail Applications
Oracle Retail Order Broker, versions 16.0, 18.0, 19.1	Retail Applications
Oracle Retail Order Management System, version 19.5	Retail Applications
Oracle Retail Point-of-Service, version 14.1	Retail Applications
Oracle Retail Predictive Application Server, versions 14.1.3, 14.1.3.46, 15.0.3, 15.0.3.115, 16.0.3, 16.0.3.240	Retail Applications
Oracle Retail Price Management, versions 13.2, 14.0.4, 14.1, 14.1.3, 15, 15.0.3, 16, 16.0.3	Retail Applications
Oracle Retail Returns Management, version 14.1	Retail Applications
Oracle Retail Service Backbone, versions 14.1.3.0, 14.1.3.2, 15.0.3.1, 16.0.1-16.0.3, 19.0.0, 19.0.1	Retail Applications
Oracle Retail Size Profile Optimization, version 16.0.3	Retail Applications
Oracle Retail Xstore Point of Service, versions 17.0.4, 18.0.3, 19.0.2, 20.0.1	Retail Applications
Oracle SD-WAN Aware, version 8.2	Oracle SD-WAN Aware
Oracle SD-WAN Edge, versions 9.0, 9.1	Oracle SD-WAN Edge
Oracle Secure Backup, versions prior to 18.1.0.1.0	Oracle Secure Backup
Oracle Solaris, versions 10, 11	Systems
Oracle Spatial Studio, versions prior to 21.2.1	Data
Oracle Thesaurus Management System, versions 5.2.3, 5.3.0, 5.3.1	Health Sciences
Oracle TimesTen In-Memory Data, versions prior to 11.2.2.8.27, prior to 21.1.1.1.0	Data
Oracle Utilities Framework, versions 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0	Oracle Utilities Applications
Oracle Utilities Testing Accelerator, versions 6.0.0.1.1, 6.0.0.2.2, 6.0.0.3.1	Oracle Utilities Applications
Oracle VM VirtualBox, versions prior to 6.1.32	Virtualization
Oracle WebCenter Portal, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle WebLogic Server, versions 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0	Fusion Middleware
Oracle ZFS Storage Appliance Kit, version 8.8	Systems
Oracle ZFS Storage Application Integration Engineering Software, version 1.3.3	Systems
OSS Support Tools, versions prior to 2.12.42	Oracle Support Tools
PeopleSoft Enterprise CS SA Integration Pack, versions 9.0, 9.2	PeopleSoft
PeopleSoft Enterprise PeopleTools, versions 8.57, 8.58, 8.59	PeopleSoft
Primavera Analytics, versions 18.8.3.3, 19.12.11.1, 20.12.12.0	Oracle Construction and Engineering Suite
Primavera Data Warehouse, versions 18.8.3.3, 19.12.11.1, 20.12.12.0	Oracle Construction and Engineering Suite
Primavera Gateway, versions 17.12.0-17.12.11, 18.8.0-18.8.13, 19.12.0-19.12.12, 20.12.0-20.12.7, 21.12.0	Oracle Construction and Engineering Suite
Primavera P6 Enterprise Project Portfolio Management, versions 17.12.0.0-17.12.20.0, 18.8.0.0-18.8.24.0, 19.12.0.0-19.12.18.0, 20.12.0.0-20.12.12.0, 21.12.0.0	Oracle Construction and Engineering Suite
Primavera P6 Professional Project Management, versions 17.12.0.0-17.12.20.0, 18.8.0.0-18.8.24.0, 19.12.0.0-19.12.17.0, 20.12.0.0-20.12.9.0	Oracle Construction and Engineering Suite
Primavera Portfolio Management, versions 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2, 20.0.0.0, 20.0.0.1	Oracle Construction and Engineering Suite
Primavera Unifier, versions 17.7-17.12, 18.8, 19.12, 20.12, 21.12	Oracle Construction and Engineering Suite
Siebel Applications, versions 21.12 and prior	Siebel

□ 해결 방안
 o "Oracle Critical Patch Update Advisory – January 2022“ 문서 및 패치 사항을 검토하고 벤더사 및 유지보수 업체와 협의/검토 후 패치 적용 [1]
 o JAVA SE 사용자는 설치된 제품의 최신 업데이트를 다운로드[2] 받아 설치하거나, Java 업데이트 자동 알림 설정을 권고 [3]


[참고사이트]
[1] https://www.oracle.com/security-s/cpujan2022.html
[2] http://www.oracle.com/technetwork/java/javase/downloads/index.html
[3] https://www.java.com/ko/download/help/java_update.html