보안 이슈 - Oracle Critical Patch Update 보안 업데이트 권고

Oracle Critical Patch Update 보안 업데이트 권고

□ 개요
o 오라클은 CPU에서 자사 제품의 보안 취약점 520개에 대한 패치 발표 [1]
※ CPU(Critical Patch Update) : 오라클 중요 보안 업데이트
o 영향받는 버전의 사용자는 악성코드 감염 등에 취약할 수 있으므로, 아래 해결 방안에 따라 최신 버전으로 업데이트 권고

□ 영향받는 제품 및 버전

Engineered Systems Utilities, versions 12.1.0.2, 19c, 21c	Oracle Autonomous Health Framework
Enterprise Manager Base Platform, versions 13.4.0.0, 13.5.0.0	Enterprise Manager
Enterprise Manager for Peoplesoft, versions 13.4.1.1, 13.5.1.1	Enterprise Manager
Enterprise Manager for Storage Management, version 13.4.0.0	Enterprise Manager
Enterprise Manager Ops Center, version 12.4.0.0	Enterprise Manager
Helidon, versions 1.4.7, 1.4.10, 2.0.0-RC1	Helidon
Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3	Oracle Construction and Engineering Suite
JD Edwards EnterpriseOne Tools, versions prior to 9.2.6.3	JD Edwards
JD Edwards World Security, version A9.4	JD Edwards
Management Cloud Engine, versions 1.5.0 and prior	Oracle Management Cloud Engine
Middleware Common Libraries and Tools, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0	Fusion Middleware
MySQL Cluster, versions 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior, 8.0.28 and prior	MySQL
MySQL Connectors, versions 8.0.28 and prior	MySQL
MySQL Enterprise Monitor, versions 8.0.29 and prior	MySQL
MySQL Server, versions 5.7.37 and prior, 8.0.28 and prior	MySQL
MySQL Workbench, versions 8.0.28 and prior	MySQL
Oracle Advanced Supply Chain Planning, versions 12.1, 12.2	Oracle Supply Chain Products
Oracle Agile Engineering Data Management, version 6.2.1.0	Oracle Supply Chain Products
Oracle Agile PLM, version 9.3.6	Oracle Supply Chain Products
Oracle Agile PLM MCAD Connector, version 3.6	Oracle Supply Chain Products
Oracle Application Express, versions prior to 22.1	Data
Oracle Application Testing Suite, version 13.3.0.1	Enterprise Manager
Oracle Autovue for Agile Product Lifecycle Management, version 21.0.2	Oracle Supply Chain Products
Oracle Banking Deposits and Lines of Credit Servicing, version 2.12.0	Contact Support
Oracle Banking Enterprise Default Management, versions 2.7.1, 2.10.0, 2.12.0	Oracle Banking Platform
Oracle Banking Loans Servicing, version 2.12.0	Contact Support
Oracle Banking Party Management, version 2.7.0	Oracle Banking Platform
Oracle Banking Payments, version 14.5	Contact Support
Oracle Banking Platform, versions 2.6.2, 2.7.1, 2.12.0	Oracle Banking Platform
Oracle Banking Trade Finance, version 14.5	Contact Support
Oracle Banking Treasury Management, version 14.5	Contact Support
Oracle Blockchain Platform, versions prior to 21.1.2	Oracle Blockchain Platform
Oracle Business Intelligence Enterprise Edition, versions 5.5.0.0.0, 5.9.0.0.0, 12.2.1.3.0, 12.2.1.4.0	Oracle Analytics
Oracle Business Process Management Suite, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Coherence, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0	Fusion Middleware
Oracle Commerce Guided Search, version 11.3.2	Oracle Commerce
Oracle Communications ASAP, version 7.3	Oracle Communications ASAP
Oracle Communications Billing and Revenue Management, versions 12.0.0.4, 12.0.0.5	Oracle Communications Billing and Revenue Management
Oracle Communications Cloud Native Core Automated Test Suite, versions 1.8.0, 1.9.0, 22.1.0	Oracle Communications Cloud Native Core Automated Test Suite
Oracle Communications Cloud Native Core Binding Support Function, version 1.11.0	Oracle Communications Cloud Native Core Binding Support Function
Oracle Communications Cloud Native Core Console, versions 1.9.0, 22.1.0	Oracle Communications Cloud Native Core Console
Oracle Communications Cloud Native Core Network Exposure Function, version 22.1.0	Oracle Communications Cloud Native Core Network Exposure Function
Oracle Communications Cloud Native Core Network Function Cloud Native Environment, versions 1.10.0, 22.1.0	Oracle Communications Cloud Native Core Network Function Cloud Native Environment
Oracle Communications Cloud Native Core Network Repository Function, versions 1.15.0, 1.15.1, 22.1.0	Oracle Communications Cloud Native Core Network Repository Function
Oracle Communications Cloud Native Core Network Slice Selection Function, versions 1.8.0, 22.1.0	Oracle Communications Cloud Native Core Network Slice Selection Function
Oracle Communications Cloud Native Core Policy, versions 1.14.0, 1.15.0, 22.1.0	Oracle Communications Cloud Native Core Policy
Oracle Communications Cloud Native Core Security Edge Protection Proxy, versions 1.7.0, 22.1.0	Oracle Communications Cloud Native Core Security Edge Protection Proxy
Oracle Communications Cloud Native Core Service Communication Proxy, version 1.15.0	Oracle Communications Cloud Native Core Service Communication Proxy
Oracle Communications Cloud Native Core Unified Data Repository, versions 1.15.0, 22.1.0	Oracle Communications Cloud Native Core Unified Data Repository
Oracle Communications Contacts Server, version 8.0.0.6.0	Oracle Communications Contacts Server
Oracle Communications Convergence, versions 3.0.2.2, 3.0.3.0	Oracle Communications Convergence
Oracle Communications Convergent Charging Controller, versions 6.0.1.0.0, 12.0.1.0.0-12.0.4.0.0	Oracle Communications Convergent Charging Controller
Oracle Communications Design Studio, versions 7.3.5, 7.4.0-7.4.2	Oracle Communications Design Studio
Oracle Communications Diameter Intelligence Hub, versions 8.0.0-8.2.3	Oracle Communications Diameter Signaling Router
Oracle Communications Diameter Signaling Router, version 8.4.0.0	Oracle Communications Diameter Signaling Router
Oracle Communications EAGLE Application Processor	Oracle Communications EAGLE Application Processor
Oracle Communications EAGLE Element Management System, version 46.6	Oracle Communications EAGLE Element Management System
Oracle Communications EAGLE FTP Table Base Retri, version 4.5	Oracle Communications EAGLE FTP Table Base Retri
Oracle Communications EAGLE LNP Application Processor, versions 10.1, 10.2	Oracle Communications EAGLE LNP Application Processor
Oracle Communications EAGLE Software, versions 46.7.0, 46.8.0-46.8.2, 46.9.1-46.9.3	Oracle Communications EAGLE (Software)
Oracle Communications Element Manager, versions prior to 9.0	Oracle Communications Element Manager
Oracle Communications Evolved Communications Application Server, version 7.1	Oracle Communications Evolved Communications Application Server
Oracle Communications Instant Messaging Server, version 10.0.1.5.0	Oracle Communications Instant Messaging Server
Oracle Communications Interactive Session Recorder, version 6.4	Oracle Communications Interactive Session Recorder
Oracle Communications IP Service Activator, version 7.4.0	Oracle Communications IP Service Activator
Oracle Communications Messaging Server, version 8.1	Oracle Communications Messaging Server
Oracle Communications MetaSolv Solution, version 6.3.1	Oracle Communications MetaSolv Solution
Oracle Communications Network Charging and Control, versions 6.0.1.0.0, 12.0.1.0.0-12.0.4.0.0	Oracle Communications Network Charging and Control
Oracle Communications Network Integrity, versions 7.3.2, 7.3.5, 7.3.6	Oracle Communications Network Integrity
Oracle Communications Operations Monitor, versions 4.3, 4.4, 5.0	Oracle Communications Operations Monitor
Oracle Communications Order and Service Management, versions 7.3, 7.4	Oracle Communications Order and Service Management
Oracle Communications Performance Intelligence Center (PIC) Software, versions 10.3.0.0.0-10.3.0.2.1, 10.4.0.1.0-10.4.0.3.1	Oracle Communications Performance Intelligence Center (PIC) Software
Oracle Communications Policy Management, versions 12.5.0.0.0, 12.6.0.0.0	Oracle Communications Policy Management
Oracle Communications Pricing Design Center, versions 12.0.0.4, 12.0.0.5	Oracle Communications Pricing Design Center
Oracle Communications Services Gatekeeper, version 7.0.0.0.0	Oracle Communications Services Gatekeeper
Oracle Communications Session Border Controller, versions 8.4, 9.0	Oracle Communications Session Border Controller
Oracle Communications Session Report Manager, versions prior to 9.0	Oracle Communications Session Report Manager
Oracle Communications Session Route Manager, versions prior to 9.0	Oracle Communications Session Route Manager
Oracle Communications Unified Inventory Management, versions 7.4.1, 7.4.2	Oracle Communications Unified Inventory Management
Oracle Communications Unified Session Manager, versions 8.2.5, 8.4.5	Oracle Communications Unified Session Manager
Oracle Communications User Data Repository, version 12.4	Oracle Communications User Data Repository
Oracle Communications WebRTC Session Controller, version 7.2.1	Oracle Communications WebRTC Session Controller
Oracle Data Integrator, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Data Server, versions 12.1.0.2, 19c, 21c	Data
Oracle Documaker, versions 12.6.0, 12.6.2-12.6.4, 12.7.0	Oracle Insurance Applications
Oracle E-Business Suite, versions 12.2.4-12.2.11, [EBS Cloud Manager and Backup Module] prior to 22.1.1.1, [Enterprise Command Center] 7.0, [Enterprise Information Discovery] 7-9	Oracle E-Business Suite
Oracle Enterprise Communications Broker, versions 3.2, 3.3	Oracle Enterprise Communications Broker
Oracle Enterprise Session Border Controller, versions 8.4, 9.0	Oracle Enterprise Session Border Controller
Oracle Ethernet Switch ES1-24, version 1.3.1	Systems
Oracle Ethernet Switch TOR-72, version 1.2.2	Systems
Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.6.0-8.0.9.0, 8.1.0.0-8.1.2.0	Oracle Financial Services Analytical Applications Infrastructure
Oracle Financial Services Behavior Detection Platform, versions 8.0.6.0-8.0.8.0, 8.1.1.0, 8.1.1.1, 8.1.2.0	Oracle Financial Services Behavior Detection Platform
Oracle Financial Services Enterprise Case Management, versions 8.0.7.1, 8.0.7.2, 8.0.8.0, 8.0.8.1, 8.1.1.0, 8.1.1.1, 8.1.2.0	Oracle Financial Services Enterprise Case Management
Oracle Financial Services Revenue Management and Billing, versions 2.7.0.0, 2.7.0.1, 2.8.0.0	Oracle Financial Services Revenue Management and Billing
Oracle FLEXCUBE Universal Banking, versions 11.83.3, 12.1-12.4, 14.0-14.3, 14.5	Contact Support
Oracle Global Lifecycle Management OPatch	Global Lifecycle Management
Oracle GoldenGate, versions prior to 12.3.0.1.2, prior to 23.1	Data
Oracle GoldenGate Application Adapters, versions prior to 23.1	Data
Oracle GoldenGate Big Data and Application Adapters, versions prior to 23.1	Data
Oracle GraalVM Enterprise Edition, versions 20.3.5, 21.3.1, 22.0.0.2	Java SE
Oracle Health Sciences Empirica Signal, versions 9.1.0.6, 9.2.0.0	Health Sciences
Oracle Health Sciences InForm, versions 6.2.1.1, 6.3.2.1, 7.0.0.0	Health Sciences
Oracle Health Sciences InForm Publisher, versions 6.2.1.1, 6.3.1.1	Health Sciences
Oracle Health Sciences Information Manager, versions 3.0.1-3.0.4	HealthCare Applications
Oracle Healthcare Data Repository, versions 8.1.0, 8.1.1	HealthCare Applications
Oracle Healthcare Foundation, versions 7.3.0.1-7.3.0.4	HealthCare Applications
Oracle Healthcare Master Person Index, version 5.0.1	HealthCare Applications
Oracle Healthcare Translational Research, versions 4.1.0, 4.1.1	HealthCare Applications
Oracle Hospitality Suite8, versions 8.10.2, 8.11.0-8.14.0	Oracle Hospitality Suite8
Oracle Hospitality Token Proxy Service, version 19.2	Oracle Hospitality Token Proxy Service
Oracle HTTP Server, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Hyperion BI+, versions prior to 11.2.8.0	Oracle Enterprise Performance Management
Oracle Hyperion Calculation Manager, versions prior to 11.2.8.0	Oracle Enterprise Performance Management
Oracle Hyperion Data Relationship Management, versions prior to 11.2.8.0, prior to 11.2.9.0	Oracle Enterprise Performance Management
Oracle Hyperion Financial Management, versions prior to 11.2.8.0	Oracle Enterprise Performance Management
Oracle Hyperion Infrastructure Technology, versions prior to 11.2.8.0	Oracle Enterprise Performance Management
Oracle Hyperion Planning, versions prior to 11.2.8.0	Oracle Enterprise Performance Management
Oracle Hyperion Profitability and Cost Management, versions prior to 11.2.8.0	Oracle Enterprise Performance Management
Oracle Hyperion Tax Provision, versions prior to 11.2.8.0	Oracle Enterprise Performance Management
Oracle Identity Management Suite, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Identity Manager Connector, versions 9.1.0, 11.1.1.5.0	Fusion Middleware
Oracle iLearning, versions 6.2, 6.3	iLearning
Oracle Insurance Data Gateway, version 1.0.1	Oracle Insurance Applications
Oracle Insurance Insbridge Rating and Underwriting, versions 5.2.0, 5.4.0-5.6.0, 5.6.1	Oracle Insurance Applications
Oracle Insurance Policy Administration, versions 11.0.2, 11.1.0, 11.2.8, 11.3.0, 11.3.1	Oracle Insurance Applications
Oracle Insurance Rules Palette, versions 11.0.2, 11.1.0, 11.2.8, 11.3.0, 11.3.1	Oracle Insurance Applications
Oracle Internet Directory, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Java SE, versions 7u331, 8u321, 11.0.14, 17.0.2, 18	Java SE
Oracle JDeveloper, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Managed File Transfer, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Middleware Common Libraries and Tools, version 12.2.1.4.0	Fusion Middleware
Oracle NoSQL Data	NoSQL Data
Oracle Outside In Technology, version 8.5.5	Fusion Middleware
Oracle Payment Interface, versions 19.1, 20.3	Oracle Payment Interface
Oracle Product Lifecycle Analytics, version 3.6.1.0	Oracle Supply Chain Products
Oracle REST Data Services, versions prior to 21.2	Data
Oracle Retail Bulk Data Integration, version 16.0.3	Retail Applications
Oracle Retail Customer Insights, versions 15.0.2, 16.0.2	Retail Applications
Oracle Retail Customer Management and Segmentation Foundation, versions 17.0-19.0	Retail Applications
Oracle Retail Data Extractor for Merchandising, versions 15.0.2, 16.0.2	Retail Applications
Oracle Retail EFTLink, versions 17.0.2, 18.0.1, 19.0.1, 20.0.1, 21.0.0	Retail Applications
Oracle Retail Extract Transform and Load, version 13.2.8	Retail Applications
Oracle Retail Financial Integration, versions 14.1.3.2, 15.0.3.1, 16.0.1-16.0.3, 19.0.0, 19.0.1	Retail Applications
Oracle Retail Integration Bus, versions 14.1.3.2, 15.0.3.1, 16.0.1-16.0.3, 19.0.0, 19.0.1	Retail Applications
Oracle Retail Invoice Matching, version 16.0.3	Retail Applications
Oracle Retail Merchandising System, versions 16.0.3, 19.0.1	Retail Applications
Oracle Retail Service Backbone, versions 14.1.3.2, 15.0.3.1, 16.0.1-16.0.3, 19.0.0, 19.0.1	Retail Applications
Oracle Retail Store Inventory Management, versions 14.0.4.13, 14.1.3.5, 14.1.3.14, 15.0.3.3, 15.0.3.8, 16.0.3.7	Retail Applications
Oracle Retail Xstore Office Cloud Service, versions 16.0.6, 17.0.4, 18.0.3, 19.0.2, 20.0.1	Retail Applications
Oracle Retail Xstore Point of Service, versions 16.0.6, 17.0.4, 18.0.3, 19.0.2, 20.0.1, 21.0.0	Retail Applications
Oracle SD-WAN Edge, versions 9.0, 9.1	Oracle SD-WAN Edge
Oracle Secure Backup	Oracle Secure Backup
Oracle Secure Global Desktop, version 5.6	Virtualization
Oracle Solaris, version 11	Systems
Oracle Solaris Cluster, version 4	Systems
Oracle SQL Developer, versions prior to 21.99	Data
Oracle StorageTek ACSLS, version 8.5.1	Systems
Oracle StorageTek Tape Analytics (STA), version 2.4	Systems
Oracle Taleo Platform, versions prior to 22.1	Oracle Taleo
Oracle Transportation Management, versions 6.4.3, 6.5.1	Oracle Supply Chain Products
Oracle Tuxedo, version 12.2.2.0.0	Fusion Middleware
Oracle Utilities Framework, versions 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0	Oracle Utilities Applications
Oracle VM VirtualBox, versions prior to 6.1.34	Virtualization
Oracle Web Services Manager, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle WebCenter Portal, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle WebCenter Sites, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle WebLogic Server, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0	Fusion Middleware
Oracle ZFS Storage Appliance Kit, version 8.8	Systems
OSS Support Tools, versions 2.12.42, 18.3	Oracle Support Tools
PeopleSoft Enterprise CS Academic Advisement, version 9.2	PeopleSoft
PeopleSoft Enterprise FIN Cash Management, version 9.2	PeopleSoft
PeopleSoft Enterprise PeopleTools, versions 8.58, 8.59	PeopleSoft
PeopleSoft Enterprise PRTL Interaction Hub, version 9.1	PeopleSoft
Primavera Unifier, versions 17.7-17.12, 18.8, 19.12, 20.12, 21.12	Oracle Construction and Engineering Suite

□ 해결 방안
o "Oracle Critical Patch Update Advisory - April 2022“ 문서 및 패치 사항을 검토하고 벤더 사 및 유지보수 업체와 협의/검토 후 패치 적용 [1]
o JAVA SE 사용자는 설치된 제품의 최신 업데이트를 다운로드[2] 받아 설치하거나, Java 업데이트 자동 알림 설정을 권고 [3]

[참고사이트]
[1] https://www.oracle.com/security-s/cpuapr2022.html
[2] http://www.oracle.com/technetwork/java/javase/downloads/index.html
[3] https://www.java.com/ko/download/help/java_update.html

Oracle Critical Patch Update 보안 업데이트 권고

단축키

단축키

Oracle Critical Patch Update 보안 업데이트 권고

VMware 제품군 보안 주의 권고

암호화 멀웨어 상위 차트, 대상 애플리케이션

구글 Chrome 브라우저 보안 업데이트 권고

IoT 장비(IP카메라, LTE모뎀 등) 초기 설정 계정 변경 권고

MS 11월 보안 위협에 따른 정기 보안 업데이트 권고

축구 팬들은 피파 2018해킹의 위험에 처해 있다.

구글 Chrome 브라우저 보안 업데이트 권고

Mozilla 제품 보안 업데이트 권고

SAP 제품 취약점 보안 업데이트 권고

Mozilla 제품 보안 업데이트 권고

Cisco 제품 취약점 보안 업데이트 권고

피싱 붐이 일고 있는 가운데, 중소 은행 고객을 타깃

VMware vCenter 제품 보안 업데이트 권고

Oracle Critical Patch Update 보안 업데이트 권고

Dell dbutil 드라이버 보안 업데이트 권고

Apache HTTP Server 보안 업데이트 권고

중소기업 홈페이지 보안강화

Apple 제품 보안 업데이트 권고

Citrix 제품 보안 업데이트 권고

16세의 십대가 애플서버를 해킹해 90GB의 보안 파일 훔쳤습니다.