Oracle Critical Patch Update 보안 업데이트 권고

□ 개요
 o 오라클 CPU에서 자사 제품의 보안 취약점 342개에 대한 패치 발표 [1]
  ※ CPU(Critical Patch Update) : 오라클 중요 보안 업데이트
 o 영향받는 버전의 사용자는 악성코드 감염 등에 취약할 수 있으므로, 아래 해결 방안에 따라 최신 버전으로 업데이트 권고

□ 영향받는 제품 및 버전

영향받는 제품	패치 관련 문서
Big Data Spatial and Graph, versions prior to 2.0, prior to 23.1	Database
Enterprise Manager Base Platform, version 13.4.0.0	Enterprise Manager
Essbase, version 21.2	Database
Essbase Analytic Provider Services, versions 11.1.2.4, 21.2	Database
Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers, versions prior to XCP2400, prior to XCP3100	Systems
Hyperion Essbase Administration Services, versions 11.1.2.4, 21.2	Database
Hyperion Financial Reporting, versions 11.1.2.4, 11.2.5.0	Fusion Middleware
Hyperion Infrastructure Technology, versions 11.1.2.4, 11.2.5.0	Fusion Middleware
Identity Manager, versions 11.1.2.2.0, 11.1.2.3.0, 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3	Oracle Construction and Engineering Suite
JD Edwards EnterpriseOne Orchestrator, versions 9.2.5.3 and prior	JD Edwards
JD Edwards EnterpriseOne Tools, versions 9.2.5.3 and prior	JD Edwards
MICROS Compact Workstation 3, version 310	MICROS Compact Workstation
MICROS ES400 Series, versions 400-410	MICROS ES400 Series
MICROS Kitchen Display System Hardware, version 210	MICROS Kitchen Display System Hardware
MICROS Workstation 5A, version 5A	MICROS Workstation 5A
MICROS Workstation 6, versions 610-655	MICROS Workstation
MySQL Cluster, versions 8.0.25 and prior	MySQL
MySQL Connectors, versions 8.0.23 and prior	MySQL
MySQL Enterprise Monitor, versions 8.0.23 and prior	MySQL
MySQL Server, versions 5.7.34 and prior, 8.0.25 and prior	MySQL
Oracle Access Manager, version 11.1.2.3.0	Fusion Middleware
Oracle Agile Engineering Data Management, version 6.2.1.0	Oracle Supply Chain Products
Oracle Agile PLM, versions 9.3.3, 9.3.5, 9.3.6	Oracle Supply Chain Products
Oracle Application Express, versions prior to 21.1.0.0.4	Database
Oracle Application Express (CKEditor), versions prior to 21.1.0.0.1	Database
Oracle Application Express Application Builder (DOMPurify), versions prior to 21.1.0.0.1	Database
Oracle Application Testing Suite, version 13.3.0.1	Enterprise Manager
Oracle BAM (Business Activity Monitoring), versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Banking Enterprise Default Management, versions 2.10.0, 2.12.0	Oracle Banking Platform
Oracle Banking Liquidity Management, versions 14.2, 14.3, 14.5	Contact Support
Oracle Banking Party Management, version 2.7.0	Oracle Banking Platform
Oracle Banking Platform, versions 2.4.0, 2.7.1, 2.9.0, 2.12.0	Oracle Banking Platform
Oracle Banking Treasury Management, version 14.4	Contact Support
Oracle BI Publisher, versions 5.5.0.0.0, 11.1.1.7.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Business Intelligence Enterprise Edition, version 12.2.1.4.0	Fusion Middleware
Oracle Coherence, versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0	Fusion Middleware
Oracle Commerce Guided Search, version 11.3.2	Oracle Commerce
Oracle Commerce Guided Search / Oracle Commerce Experience Manager, versions 11.3.1.5, 11.3.2	Oracle Commerce
Oracle Commerce Merchandising, versions 11.1.0, 11.2.0, 11.3.0-11.3.2	Oracle Commerce
Oracle Commerce Platform, versions 11.0.0, 11.1.0, 11.2.0, 11.3.0-11.3.2	Oracle Commerce
Oracle Commerce Service Center, versions 11.0.0, 11.1.0, 11.2.0, 11.3.0-11.3.2	Oracle Commerce
Oracle Communications Application Session Controller, version 3.9	Oracle Communications Application Session Controller
Oracle Communications Billing and Revenue Management, versions 7.5.0.23.0, 12.0.0.3.0	Oracle Communications Billing and Revenue Management
Oracle Communications BRM - Elastic Charging Engine, versions 11.3.0.9.0, 12.0.0.3.0	Oracle Communications BRM - Elastic Charging Engine
Oracle Communications Cloud Native Core Console, version 1.4.0	Communications Cloud Native Core Console
Oracle Communications Cloud Native Core Network Function Cloud Native Environment, versions 1.4.0, 1.7.0	Oracle Communications Cloud Native Core Network Function Cloud Native Environment
Oracle Communications Cloud Native Core Network Slice Selection Function, version 1.2.1	Communications Cloud Native Core Network Slice Selection Function
Oracle Communications Cloud Native Core Policy, versions 1.5.0, 1.9.0	Communications Cloud Native Core Policy
Oracle Communications Cloud Native Core Security Edge Protection Proxy, version 1.7.0	Communications Cloud Native Core Security Edge Protection Proxy
Oracle Communications Cloud Native Core Service Communication Proxy, version 1.5.2	Communications Cloud Native Core Service Communication Proxy
Oracle Communications Cloud Native Core Unified Data Repository, versions 1.4.0, 1.6.0	Communications Cloud Native Core Unified Data Repository
Oracle Communications Convergent Charging Controller, version 12.0.4.0.0	Oracle Communications Convergent Charging Controller
Oracle Communications Design Studio, version 7.4.2	Oracle Communications Design Studio
Oracle Communications Diameter Signaling Router (DSR), versions 8.0.0-8.5.0	Oracle Communications Diameter Signaling Router
Oracle Communications EAGLE Software, versions 46.6.0-46.8.2	Oracle Communications EAGLE
Oracle Communications Evolved Communications Application Server, version 7.1	Oracle Communications Evolved Communications Application Server
Oracle Communications Instant Messaging Server, version 10.0.1.4.0	Oracle Communications Instant Messaging Server
Oracle Communications Network Charging and Control, versions 6.0.1.0, 12.0.1.0-12.0.4.0, 12.0.4.0.0	Oracle Communications Network Charging and Control
Oracle Communications Offline Mediation Controller, version 12.0.0.3.0	Oracle Communications Offline Mediation Controller
Oracle Communications Pricing Design Center, version 12.0.0.3.0	Oracle Communications Pricing Design Center
Oracle Communications Services Gatekeeper, versions 7.0, 8.2	Oracle Communications Services Gatekeeper
Oracle Communications Unified Inventory Management, versions 7.3.2, 7.3.4, 7.3.5, 7.4.0, 7.4.1	Oracle Communications Unified Inventory Management
Oracle Configuration Manager, version 12.1.2.0.8	Enterprise Manager
Oracle Data Integrator, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Database Server, versions 12.1.0.2, 12.2.0.1, 19c	Database
Oracle E-Business Suite, versions 12.1.1-12.1.3, 12.2.3-12.2.10	Oracle E-Business Suite
Oracle Enterprise Data Quality, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Enterprise Repository, version 11.1.1.7.0	Fusion Middleware
Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.6-8.0.9, 8.1.0	Oracle Financial Services Analytical Applications Infrastructure
Oracle Financial Services Crime and Compliance Investigation Hub, version 20.1.2	Oracle Financial Services Crime and Compliance Investigation Hub
Oracle Financial Services Regulatory Reporting with AgileREPORTER, version 8.0.9.6.3	Oracle Financial Services Regulatory Reporting with AgileREPORTER
Oracle Financial Services Revenue Management and Billing Analytics, versions 2.7.0, 2.8.0	Oracle Financial Services Analytical Applications Infrastructure
Oracle FLEXCUBE Private Banking, versions 12.0.0, 12.1.0	Contact Support
Oracle FLEXCUBE Universal Banking, versions 12.0-12.4, 14.0-14.4.0	Contact Support
Oracle Fusion Middleware MapViewer, version 12.2.1.4.0	Fusion Middleware
Oracle GoldenGate Application Adapters, version 19.1.0.0.0	Fusion Middleware
Oracle GraalVM Enterprise Edition, versions 20.3.2, 21.1.0	Java SE
Oracle Hospitality Reporting and Analytics, version 9.1.0	Oracle Hospitality Reporting and Analytics
Oracle Hospitality Suite8, versions 8.13, 8.14	MICROS BellaVita
Oracle Hyperion BI+, versions 11.1.2.4, 11.2.5.0	Fusion Middleware
Oracle Insurance Policy Administration, versions 11.0.2, 11.1.0-11.3.0	Oracle Insurance Applications
Oracle Insurance Policy Administration J2EE, version 11.0.2	Oracle Insurance Applications
Oracle Insurance Rules Palette, versions 11.0.2, 11.1.0-11.3.0	Oracle Insurance Applications
Oracle Java SE, versions 7u301, 8u291, 11.0.11, 16.0.1	Java SE
Oracle JDeveloper, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle JDeveloper and ADF, version 12.2.1.4.0	Fusion Middleware
Oracle Managed File Transfer, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Outside In Technology, version 8.5.5	Fusion Middleware
Oracle Policy Automation, versions 12.2.0-12.2.22	Oracle Policy Automation
Oracle Retail Back Office, version 14.1	Retail Applications
Oracle Retail Central Office, version 14.1	Retail Applications
Oracle Retail Customer Engagement, versions 16.0-19.0	Retail Applications
Oracle Retail Customer Management and Segmentation Foundation, versions 16.0-19.0	Retail Applications
Oracle Retail Financial Integration, versions 14.1.3.2, 15.0.3.1, 16.0.3.0	Retail Applications
Oracle Retail Integration Bus, versions 14.1.3.2, 15.0.3.1, 16.0.3.0	Retail Applications
Oracle Retail Merchandising System, versions 14.1.3.2, 15.0.3.1, 16.0.3	Retail Applications
Oracle Retail Order Broker, versions 15.0, 16.0	Retail Applications
Oracle Retail Order Management System Cloud Service, version 19.5	Retail Applications
Oracle Retail Point-of-Service, version 14.1	Retail Applications
Oracle Retail Price Management, versions 14.0, 14.1, 15.0, 16.0	Retail Applications
Oracle Retail Returns Management, version 14.1	Retail Applications
Oracle Retail Service Backbone, versions 14.1.3.2, 15.0.3.1, 16.0.3.0	Retail Applications
Oracle Retail Xstore Point of Service, versions 16.0.6, 17.0.4, 18.0.3, 19.0.2, 20.0.1	Retail Applications
Oracle SD-WAN Aware, versions 8.2, 9.0	Oracle SD-WAN Aware
Oracle SD-WAN Edge, versions 8.2, 9.0, 9.1	Oracle SD-WAN Edge
Oracle Secure Global Desktop, version 5.6	Virtualization
Oracle Solaris, version 11	Systems
Oracle Solaris Cluster, version 4.4	Systems
Oracle Transportation Management, version 6.4.3	Oracle Supply Chain Products
Oracle VM VirtualBox, versions prior to 6.1.24	Virtualization
Oracle WebCenter Portal, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0	Fusion Middleware
Oracle ZFS Storage Appliance Kit, version 8.8	Systems
OSS Support Tools, versions prior to 2.12.41	Support Tools
PeopleSoft Enterprise CS Campus Community, versions 9.0, 9.2	PeopleSoft
PeopleSoft Enterprise HCM Candidate Gateway, version 9.2	PeopleSoft
PeopleSoft Enterprise HCM Shared Components, version 9.2	PeopleSoft
PeopleSoft Enterprise PeopleTools, versions 8.57, 8.58, 8.58.8.59, 8.59	PeopleSoft
PeopleSoft Enterprise PT PeopleTools, versions 8.57, 8.58, 8.59	PeopleSoft
Primavera Gateway, versions 17.12.0-17.12.11, 18.8.0-18.8.11, 19.12.0-19.12.10, 20.12.0	Oracle Construction and Engineering Suite
Primavera P6 Enterprise Project Portfolio Management, versions 17.12.0-17.12.20, 18.8.0-18.8.23, 19.12.0-19.12.14, 20.12.0-20.12.3	Oracle Construction and Engineering Suite
Primavera Unifier, versions 17.7-17.12, 18.8, 19.12, 20.12	Oracle Construction and Engineering Suite
Real-Time Decisions (RTD) Solutions, version 3.2.0.0	Fusion Middleware
Siebel Applications, versions 21.5 and prior	Siebel
StorageTek Tape Analytics SW Tool, version 2.3	Systems

 

□ 해결 방안
 o "Oracle Critical Patch Update Advisory – July 2021“ 문서 및 패치 사항을 검토하고 벤더사 및 유지보수 업체와 협의/검토 후 패치 적용 [1]
 o JAVA SE 사용자는 설치된 제품의 최신 업데이트를 다운로드[2] 받아 설치하거나, Java 업데이트 자동 알림 설정을 권고 [3]
 

[참고사이트]
[1] https://www.oracle.com/security-alerts/cpujul2021.html
[2] http://www.oracle.com/technetwork/java/javase/downloads/index.html
[3] https://www.java.com/ko/download/help/java_update.xml