Oracle Critical Patch Update Security Update Advisory


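□ Overview
 o In its CPU, Oracle released patches for 443 security vulnerabilities in its products [1]
  ※ CPU (Critical Patch Update): Oracle's critical security update
 o Users of affected versions may be vulnerable to malware infection and similar threats, so updating to the latest version according to the resolution below is recommended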
 
□ Affected Products and Versions
Category Management Planning & Optimization, version 15.0.3
Customer Management and Segmentation Foundation, versions 16.0, 17.0, 18.0
Enterprise Manager Base Platform, versions 12.1.0.5, 13.3.0.0, 13.4.0.0
Enterprise Manager for Fusion Middleware, version 12.1.0.5
Enterprise Manager Ops Center, version 12.4.0.0
GoldenGate Stream Analytics, versions prior to 19.1.0.0.1
Hyperion Financial Close Management, version 11.1.2.4
Instantis EnterpriseTrack, versions 17.1-17.3
JD Edwards EnterpriseOne Orchestrator, versions prior to 9.2.4.2
JD Edwards EnterpriseOne Tools, versions prior to 9.2.3.3, prior to 9.2.4.2
MySQL Client, versions 5.6.48 and prior, 5.7.30 and prior, 8.0.20 and prior
MySQL Cluster, versions 7.3.29 and prior, 7.4.28 and prior, 7.5.18 and prior, 7.6.14 and prior, 8.0.20 and prior
MySQL Connectors, versions 8.0.20 and prior
MySQL Enterprise Monitor, versions 4.0.12 and prior, 8.0.20 and prior
MySQL Server, versions 5.6.48 and prior, 5.7.30 and prior, 8.0.20 and prior
Oracle Agile Engineering Data Management, version 6.2.1.0
Oracle Application Express, versions 5.1-19.2
Oracle Application Testing Suite, versions 13.2.0.1, 13.3.0.1
Oracle AutoVue, version 21.0
Oracle Banking Enterprise Collections, versions 2.7.0-2.9.0
Oracle Banking Payments, versions 14.1.0-14.4.0
Oracle Banking Platform, versions 2.4.0-2.10.0
Oracle Berkeley DB, versions prior to 6.1.38, prior to 18.1.40
Oracle BI Publisher, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
Oracle Business Intelligence Enterprise Edition, versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
Oracle Business Process Management Suite, versions 12.2.1.3.0, 12.2.1.4.0
Oracle Coherence, versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
Oracle Commerce Guided Search / Oracle Commerce Experience Manager, versions 11.0, 11.1, 11.2, prior to 11.3.1
Oracle Commerce Platform, versions 11.1, 11.2, prior to 11.3.1
Oracle Commerce Service Center, versions 11.1, 11.2, prior to 11.3.1
Oracle Communications Analytics, version 12.1.1
Oracle Communications Billing and Revenue Management, versions 7.5.0.23.0, 12.0.0.3.0
Oracle Communications BRM - Elastic Charging Engine, versions 11.3, 12.0
Oracle Communications Contacts Server, version 8.0.0.4.0
Oracle Communications Convergence, versions 3.0.1.0-3.0.2.1
Oracle Communications Diameter Signaling Router (DSR), versions 8.0-8.4
Oracle Communications Element Manager, versions 8.1.1, 8.2.0, 8.2.1
Oracle Communications Evolved Communications Application Server, version 7.1
Oracle Communications Instant Messaging Server, version 10.0.1.4.0
Oracle Communications Interactive Session Recorder, versions 6.1-6.4
Oracle Communications IP Service Activator, versions 7.3.0, 7.4.0
Oracle Communications LSMS, versions 13.0-13.3
Oracle Communications Messaging Server, versions 8.0.2, 8.1.0
Oracle Communications MetaSolv Solution, version 6.3.0
Oracle Communications Network Charging and Control, versions 6.0.1, 12.0.0-12.0.3
Oracle Communications Network Integrity, versions 7.3.2-7.3.6
Oracle Communications Operations Monitor, versions 3.4, 4.1-4.3
Oracle Communications Order and Service Management, versions 7.3, 7.4
Oracle Communications Services Gatekeeper, versions 6.0, 6.1, 7.0
Oracle Communications Session Border Controller, versions 8.1.0, 8.2.0, 8.3.0
Oracle Communications Session Report Manager, versions 8.1.1, 8.2.0, 8.2.1
Oracle Communications Session Route Manager, versions 8.1.1, 8.2.0, 8.2.1
Oracle Configuration Manager, version 12.1.2.0.6
Oracle Configurator, versions 12.1, 12.2
Oracle Data Masking and Subsetting, versions 13.3.0.0, 13.4.0.0
Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c, [Spatial Studio] prior to 19.2.1
Oracle E-Business Suite, versions 12.1.1-12.1.3, 12.2.3-12.2.9
Oracle Endeca Information Discovery Studio, version 3.2.0
Oracle Enterprise Communications Broker, versions 3.0.0-3.2.0
Oracle Enterprise Repository, version 11.1.1.7.0
Oracle Enterprise Session Border Controller, versions 8.1.0, 8.2.0, 8.3.0
Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.6-8.1.0
Oracle Financial Services Compliance Regulatory Reporting, versions 8.0.6-8.0.8
Oracle Financial Services Lending and Leasing, versions 12.5.0, 14.1.0-14.8.0
Oracle Financial Services Liquidity Risk Management, version 8.0.6
Oracle Financial Services Loan Loss Forecasting and Provisioning, versions 8.0.6-8.0.8
Oracle Financial Services Market Risk Measurement and Management, versions 8.0.6, 8.0.8
Oracle Financial Services Regulatory Reporting for De Nederlandsche Bank, version 8.0.4
Oracle FLEXCUBE Investor Servicing, versions 12.1.0, 12.3.0, 12.4.0, 14.0.0, 14.1.0
Oracle FLEXCUBE Private Banking, versions 12.0.0, 12.1.0
Oracle Fusion Middleware MapViewer, versions 12.2.1.3.0, 12.2.1.4.0
Oracle Global Lifecycle Management/OPatch, versions prior to 12.2.0.1.20
Oracle GoldenGate, versions prior to 19.1.0.0.0
Oracle GraalVM Enterprise Edition, versions 19.3.2, 20.1.0
Oracle Health Sciences Empirica Inspections, version 1.0.1.2
Oracle Health Sciences Empirica Signal, version 7.3.3
Oracle Healthcare Master Person Index, version 4.0.2
Oracle Healthcare Translational Research, versions 3.2.1, 3.3.1, 3.3.2, 3.4.0
Oracle Help Technologies, versions 11.1.1.9.0, 12.2.1.3.0
Oracle Hospitality Guest Access, versions 4.2.0, 4.2.1
Oracle Hospitality Reporting and Analytics, version 9.1.0
Oracle Hyperion BI+, version 11.1.2.4
Oracle iLearning, versions 6.1, 6.1.1
Oracle Insurance Accounting Analyzer, versions 8.0.6-8.0.9
Oracle Insurance Data Gateway, version 1.0
Oracle Insurance Policy Administration J2EE, versions 10.2.0, 10.2.4, 11.0.2, 11.1.0, 11.2.0
Oracle Insurance Rules Palette, versions 10.2.0, 10.2.4, 11.0.2, 11.1.0, 11.2.0
Oracle Java SE, versions 7u261, 8u251, 11.0.7, 14.0.1
Oracle Java SE Embedded, version 8u251
Oracle Outside In Technology, versions 8.5.4, 8.5.5
Oracle Rapid Planning, versions 12.1, 12.2
Oracle Real User Experience Insight, version 13.3.1.0
Oracle Retail Assortment Planning, versions 15.0, 15.0.3, 16.0, 16.0.3
Oracle Retail Bulk Data Integration, versions 15.0, 16.0
Oracle Retail Customer Management and Segmentation Foundation, version 18.0
Oracle Retail Data Extractor for Merchandising, versions 1.9, 1.10, 18.0
Oracle Retail Extract Transform and Load, version 19.0
Oracle Retail Financial Integration, versions 15.0, 16.0
Oracle Retail Fusion Platform, version 5.5
Oracle Retail Integration Bus, versions 15.0, 15.0.3, 16.0, 16.0.3
Oracle Retail Invoice Matching, version 16.0
Oracle Retail Item Planning, version 15.0.3
Oracle Retail Macro Space Optimization, version 15.0.3
Oracle Retail Merchandise Financial Planning, version 15.0.3
Oracle Retail Merchandising System, versions 15.0.3, 16.0.2, 16.0.3
Oracle Retail Order Broker, version 15.0
Oracle Retail Predictive Application Server, versions 14.0.3, 14.1.3, 15.0.3, 16.0.3
Oracle Retail Regular Price Optimization, versions 15.0.3, 16.0.3
Oracle Retail Replenishment Optimization, version 15.0.3
Oracle Retail Sales Audit, version 14.1
Oracle Retail Service Backbone, versions 14.1, 15.0, 16.0
Oracle Retail Size Profile Optimization, version 15.0.3
Oracle Retail Store Inventory Management, versions 14.0.4, 14.1.3, 15.0.3, 16.0.3
Oracle Retail Xstore Point of Service, versions 7.1, 15.0, 16.0, 17.0, 18.0, 19.0
Oracle SD-WAN Aware, version 8.2
Oracle SD-WAN Edge, versions 8.2, 9.0
Oracle Security Service, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
Oracle Solaris, version 11
Oracle TimesTen In-Memory Database, versions prior to 18.1.2.1.0
Oracle Transportation Management, versions 6.3.7, 6.4.3
Oracle Unified Directory, versions 11.1.2.3.0, 12.2.1.3.0, 12.2.1.4.0
Oracle Utilities Framework, versions 4.3.0.5.0, 4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0
Oracle VM VirtualBox, versions prior to 5.2.44, prior to 6.0.24, prior to 6.1.12
Oracle WebCenter Portal, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
Oracle WebCenter Sites, versions 12.2.1.3.0, 12.2.1.4.0
Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
Oracle ZFS Storage Appliance Kit, version 8.8
PeopleSoft Enterprise FIN Expenses, version 9.2
PeopleSoft Enterprise HCM Global Payroll Switzerland, version 9.2
PeopleSoft Enterprise HRMS, version 9.2
PeopleSoft Enterprise PeopleTools, versions 8.56, 8.57, 8.58
Primavera Gateway, versions 16.2.0-16.2.11, 17.12.0-17.12.7, 18.8.0-18.8.9, 19.12.0-19.12.4
Primavera P6 Enterprise Project Portfolio Management, versions 16.1.0.0-16.2.20.1, 17.1.0.0-17.12.17.1, 18.1.0.0-18.8.19, 19.12.0-19.12.6
Primavera Portfolio Management, versions 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0, 19.0.0.0
Primavera Unifier, versions 16.1, 16.2, 17.7-17.12, 18.8, 19.12, [Mobile App] prior to 20.6
Siebel Applications, versions 2.20.5 and prior, 20.6 and prior
 
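□ Resolution
 o Review the "Oracle Critical Patch Update Advisory – July 2020" document and its patches, and apply the patches after consultation and review with the vendor and maintenance contractor [1]
 o Java SE users are advised to download [2] and install the latest update for their installed product, or to enable automatic Java update notifications [3]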
 
□ Other Inquiries
 o Korea Internet & Security Agency (KISA) Cyber Complaint Center: dial 118 (no area code)
 
[References]
[1] https://www.oracle.com/security-alerts/cpujul2020.html
[2] http://www.oracle.com/technetwork/java/javase/downloads/index.html
[3] https://www.java.com/ko/download/help/java_update.xml
 



□ Prepared by: Incident Analysis Group, Vulnerability Analysis Team