SK-CERT Security Warning V20201027-01

Severity Critical
Classification Unclassified/TLP WHITE
CVSS Score
10.0
Identifier
Oracle products – multiple vulnerabilities
Description
Oracle has released security updates for its product portfolio that fix multiple security vulnerabilities, including critical ones.
A remote unauthenticated attacker could exploit the most severe of these vulnerabilities to execute malicious code and completely compromise the confidentiality, integrity and availability of the system.
Date of first publication of the warning
27.10.2020
CVE
CVE-2013-7285, CVE-2015-1832, CVE-2015-9251, CVE-2016-0701, CVE-2016-1000031, CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340, CVE-2016-1000341, CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, CVE-2016-1000345, CVE-2016-1000346, CVE-2016-1000352, CVE-2016-10244, CVE-2016-10328, CVE-2016-2167, CVE-2016-2168, CVE-2016-2183, CVE-2016-2510, CVE-2016-3189, CVE-2016-4800, CVE-2016-5000, CVE-2016-5300, CVE-2016-5725, CVE-2016-6153, CVE-2016-6306, CVE-2016-8610, CVE-2016-8734, CVE-2017-10989, CVE-2017-12626, CVE-2017-13098, CVE-2017-13685, CVE-2017-13745, CVE-2017-14232, CVE-2017-15095, CVE-2017-15286, CVE-2017-17485, CVE-2017-3164, CVE-2017-5644, CVE-2017-5645, CVE-2017-5662, CVE-2017-7525, CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2017-7857, CVE-2017-7858, CVE-2017-7864, CVE-2017-8105, CVE-2017-8287, CVE-2017-9096, CVE-2017-9735, CVE-2017-9800, CVE-2018-1000180, CVE-2018-1000613, CVE-2018-1000873, CVE-2018-11054, CVE-2018-11055, CVE-2018-11056, CVE-2018-11057, CVE-2018-11058, CVE-2018-11307, CVE-2018-12022, CVE-2018-12023, CVE-2018-12536, CVE-2018-12538, CVE-2018-12545, CVE-2018-14718, CVE-2018-15769, CVE-2018-17196, CVE-2018-18873, CVE-2018-19139, CVE-2018-19539, CVE-2018-19540, CVE-2018-19541, CVE-2018-19542, CVE-2018-19543, CVE-2018-20346, CVE-2018-20505, CVE-2018-20506, CVE-2018-20570, CVE-2018-20584, CVE-2018-20622, CVE-2018-20843, CVE-2018-2765, CVE-2018-3693, CVE-2018-5382, CVE-2018-5968, CVE-2018-6942, CVE-2018-7489, CVE-2018-8013, CVE-2018-8088, CVE-2018-8740, CVE-2018-9055, CVE-2018-9154, CVE-2018-9252, CVE-2019-0192, CVE-2019-0201, CVE-2019-10072, CVE-2019-10097, CVE-2019-1010239, CVE-2019-10173, CVE-2019-10241, CVE-2019-10246, CVE-2019-10247, CVE-2019-10744, CVE-2019-11048, CVE-2019-11358, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-11834, CVE-2019-11835, CVE-2019-11922, CVE-2019-12086, CVE-2019-12260, CVE-2019-12261, CVE-2019-12384, CVE-2019-12402, CVE-2019-12415, CVE-2019-12419, CVE-2019-12423, CVE-2019-12814, CVE-2019-12900, 
CVE-2019-13990, CVE-2019-14379, CVE-2019-14540, CVE-2019-14893, CVE-2019-1547, CVE-2019-1549, CVE-2019-1552, CVE-2019-1563, CVE-2019-15903, CVE-2019-16168, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943, CVE-2019-17091, CVE-2019-17267, CVE-2019-17359, CVE-2019-17495, CVE-2019-17531, CVE-2019-17543, CVE-2019-17558, CVE-2019-17569, CVE-2019-17632, CVE-2019-17638, CVE-2019-18348, CVE-2019-20330, CVE-2019-2897, CVE-2019-2904, CVE-2019-3738, CVE-2019-3739, CVE-2019-3740, CVE-2019-5018, CVE-2019-5427, CVE-2019-5435, CVE-2019-5436, CVE-2019-5443, CVE-2019-5481, CVE-2019-5482, CVE-2019-8457, CVE-2019-9511, CVE-2019-9513, CVE-2019-9936, CVE-2019-9937, CVE-2020-10108, CVE-2020-10543, CVE-2020-10650, CVE-2020-10672, CVE-2020-10673, CVE-2020-10683, CVE-2020-10722, CVE-2020-10723, CVE-2020-10724, CVE-2020-10878, CVE-2020-10968, CVE-2020-10969, CVE-2020-11022, CVE-2020-11023, CVE-2020-11080, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2020-11655, CVE-2020-11656, CVE-2020-11971, CVE-2020-11972, CVE-2020-11973, CVE-2020-11984, CVE-2020-11993, CVE-2020-11996, CVE-2020-12243, CVE-2020-12723, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-13920, CVE-2020-13934, CVE-2020-13935, CVE-2020-14060, CVE-2020-14061, CVE-2020-14062, CVE-2020-14195, CVE-2020-14672, CVE-2020-14731, CVE-2020-14732, CVE-2020-14734, CVE-2020-14735, CVE-2020-14736, CVE-2020-14740, CVE-2020-14741, CVE-2020-14742, CVE-2020-14743, CVE-2020-14744, CVE-2020-14745, CVE-2020-14746, CVE-2020-14750, CVE-2020-14752, CVE-2020-14753, CVE-2020-14754, CVE-2020-14757, CVE-2020-14758, CVE-2020-14759, CVE-2020-14760, CVE-2020-14761, CVE-2020-14762, CVE-2020-14763, CVE-2020-14764, CVE-2020-14765, CVE-2020-14766, CVE-2020-14767, CVE-2020-14768, CVE-2020-14769, CVE-2020-14770, CVE-2020-14771, CVE-2020-14772, CVE-2020-14773, CVE-2020-14774, CVE-2020-14775, CVE-2020-14776, CVE-2020-14777, CVE-2020-14778, CVE-2020-14779, CVE-2020-14780, CVE-2020-14781, CVE-2020-14782, CVE-2020-14783, 
CVE-2020-14784, CVE-2020-14785, CVE-2020-14786, CVE-2020-14787, CVE-2020-14788, CVE-2020-14789, CVE-2020-14790, CVE-2020-14791, CVE-2020-14792, CVE-2020-14793, CVE-2020-14794, CVE-2020-14795, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798, CVE-2020-14799, CVE-2020-14800, CVE-2020-14801, CVE-2020-14802, CVE-2020-14803, CVE-2020-14804, CVE-2020-14805, CVE-2020-14806, CVE-2020-14807, CVE-2020-14808, CVE-2020-14809, CVE-2020-14810, CVE-2020-14811, CVE-2020-14812, CVE-2020-14813, CVE-2020-14814, CVE-2020-14815, CVE-2020-14816, CVE-2020-14817, CVE-2020-14818, CVE-2020-14819, CVE-2020-14820, CVE-2020-14821, CVE-2020-14822, CVE-2020-14823, CVE-2020-14824, CVE-2020-14825, CVE-2020-14826, CVE-2020-14827, CVE-2020-14828, CVE-2020-14829, CVE-2020-14830, CVE-2020-14831, CVE-2020-14832, CVE-2020-14833, CVE-2020-14834, CVE-2020-14835, CVE-2020-14836, CVE-2020-14837, CVE-2020-14838, CVE-2020-14839, CVE-2020-14840, CVE-2020-14841, CVE-2020-14842, CVE-2020-14843, CVE-2020-14844, CVE-2020-14845, CVE-2020-14846, CVE-2020-14847, CVE-2020-14848, CVE-2020-14849, CVE-2020-14850, CVE-2020-14851, CVE-2020-14852, CVE-2020-14853, CVE-2020-14854, CVE-2020-14855, CVE-2020-14856, CVE-2020-14857, CVE-2020-14858, CVE-2020-14859, CVE-2020-14860, CVE-2020-14861, CVE-2020-14862, CVE-2020-14863, CVE-2020-14864, CVE-2020-14865, CVE-2020-14866, CVE-2020-14867, CVE-2020-14868, CVE-2020-14869, CVE-2020-14870, CVE-2020-14871, CVE-2020-14872, CVE-2020-14873, CVE-2020-14875, CVE-2020-14876, CVE-2020-14877, CVE-2020-14878, CVE-2020-14879, CVE-2020-14880, CVE-2020-14881, CVE-2020-14882, CVE-2020-14883, CVE-2020-14884, CVE-2020-14885, CVE-2020-14886, CVE-2020-14887, CVE-2020-14888, CVE-2020-14889, CVE-2020-14890, CVE-2020-14891, CVE-2020-14892, CVE-2020-14893, CVE-2020-14894, CVE-2020-14895, CVE-2020-14896, CVE-2020-14897, CVE-2020-14898, CVE-2020-14899, CVE-2020-14900, CVE-2020-14901, CVE-2020-15358, CVE-2020-15389, CVE-2020-1730, CVE-2020-1935, CVE-2020-1938, CVE-2020-1941, CVE-2020-1945, CVE-2020-1950, 
CVE-2020-1951, CVE-2020-1953, CVE-2020-1954, CVE-2020-1967, CVE-2020-2555, CVE-2020-3235, CVE-2020-3909, CVE-2020-4051, CVE-2020-5397, CVE-2020-5398, CVE-2020-5407, CVE-2020-5408, CVE-2020-7067, CVE-2020-8172, CVE-2020-8174, CVE-2020-8840, CVE-2020-9281, CVE-2020-9327, CVE-2020-9409, CVE-2020-9410, CVE-2020-9484, CVE-2020-9488, CVE-2020-9489, CVE-2020-9490, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548
IOC
Affected systems
Application Performance Management (APM), versions 13.3.0.0, 13.4.0.0
Big Data Spatial and Graph, versions earlier than 3.0
Enterprise Manager Base Platform, versions 13.2.1.0, 13.3.0.0, 13.4.0.0
Enterprise Manager for Peoplesoft, version 13.4.1.1
Enterprise Manager for Storage Management, versions 13.3.0.0, 13.4.0.0
Enterprise Manager Ops Center, version 12.4.0.0
Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers, versions earlier than XCP2362, earlier than XCP3090
Fujitsu M12-1, M12-2, M12-2S Servers, versions earlier than XCP3090
Hyperion Analytic Provider Services, version 11.1.2.4
Hyperion BI+, version 11.1.2.4
Hyperion Essbase, version 11.1.2.4
Hyperion Infrastructure Technology, version 11.1.2.4
Hyperion Lifecycle Management, version 11.1.2.4
Hyperion Planning, version 11.1.2.4
Identity Manager Connector, version 9.0
Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3
Management Pack for Oracle GoldenGate, version 12.2.1.2.0
MySQL Cluster, versions 7.3.30 and earlier, 7.4.29 and earlier, 7.5.19 and earlier, 7.6.15 and earlier, 8.0.21 and earlier
MySQL Enterprise Monitor, versions 8.0.21 and earlier
MySQL Server, versions 5.6.49 and earlier, 5.7.31 and earlier, 8.0.21 and earlier
MySQL Workbench, versions 8.0.21 and earlier
Oracle Access Manager, version 11.1.2.3.0
Oracle Agile PLM, versions 9.3.3, 9.3.5, 9.3.6
Oracle Agile Product Lifecycle Management for Process, version 6.2.0.0
Oracle Application Express, versions earlier than 20.2
Oracle Application Testing Suite, version 13.3.0.1
Oracle Banking Corporate Lending, versions 12.3.0, 14.0.0-14.4.0
Oracle Banking Digital Experience, versions 18.1, 18.2, 18.3, 19.1, 19.2, 20.1
Oracle Banking Payments, versions 14.1.0-14.4.0
Oracle Banking Platform, versions 2.4.0-2.10.0
Oracle BI Publisher, versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
Oracle Business Intelligence Enterprise Edition, versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
Oracle Business Process Management Suite, versions 12.2.1.3.0, 12.2.1.4.0
Oracle Communications Application Session Controller, versions 3.8m0, 3.9m0p1
Oracle Communications Billing and Revenue Management, versions 7.5.0.23.0, 12.0.0.2.0, 12.0.0.3.0
Oracle Communications BRM – Elastic Charging Engine, versions 11.3.0.9.0, 12.0.0.3.0
Oracle Communications Diameter Signaling Router (DSR), versions 8.0.0.0-8.4.0.5, [IDIH] 8.0.0-8.2.2
Oracle Communications EAGLE Software, versions 46.6.0-46.8.2
Oracle Communications Element Manager, versions 8.2.0-8.2.2
Oracle Communications Evolved Communications Application Server, version 7.1
Oracle Communications Messaging Server, version 8.1
Oracle Communications Offline Mediation Controller, version 12.0.0.3.0
Oracle Communications Services Gatekeeper, version 7
Oracle Communications Session Border Controller, versions 8.2-8.4
Oracle Communications Session Report Manager, versions 8.2.0-8.2.2
Oracle Communications Session Route Manager, versions 8.2.0-8.2.2
Oracle Communications Unified Inventory Management, versions 7.3.0, 7.4.0
Oracle Communications WebRTC Session Controller, version 7.2
Oracle Data Integrator, versions 11.1.1.9.0, 12.2.1.3.0
Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c
Oracle E-Business Suite, versions 12.1.1-12.1.3, 12.2.3-12.2.10
Oracle Endeca Information Discovery Integrator, version 3.2.0
Oracle Endeca Information Discovery Studio, version 3.2.0
Oracle Enterprise Repository, version 11.1.1.7.0
Oracle Enterprise Session Border Controller, version 8.4
Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.6-8.1.0
Oracle Financial Services Analytical Applications Reconciliation Framework, versions 8.0.6-8.0.8, 8.1.0
Oracle Financial Services Asset Liability Management, versions 8.0.6, 8.0.7, 8.1.0
Oracle Financial Services Balance Sheet Planning, version 8.0.8
Oracle Financial Services Basel Regulatory Capital Basic, versions 8.0.6-8.0.8, 8.1.0
Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach, versions 8.0.6-8.0.8, 8.1.0
Oracle Financial Services Data Foundation, versions 8.0.6-8.1.0
Oracle Financial Services Data Governance for US Regulatory Reporting, versions 8.0.6-8.0.9
Oracle Financial Services Data Integration Hub, versions 8.0.6, 8.0.7, 8.1.0
Oracle Financial Services Funds Transfer Pricing, versions 8.0.6, 8.0.7, 8.1.0
Oracle Financial Services Hedge Management and IFRS Valuations, versions 8.0.6-8.0.8, 8.1.0
Oracle Financial Services Institutional Performance Analytics, versions 8.0.6, 8.0.7, 8.1.0, 8.7.0
Oracle Financial Services Liquidity Risk Management, version 8.0.6
Oracle Financial Services Liquidity Risk Measurement and Management, versions 8.0.7, 8.0.8, 8.1.0
Oracle Financial Services Loan Loss Forecasting and Provisioning, versions 8.0.6-8.0.8, 8.1.0
Oracle Financial Services Market Risk Measurement and Management, versions 8.0.6, 8.0.8, 8.1.0
Oracle Financial Services Price Creation and Discovery, versions 8.0.6, 8.0.7
Oracle Financial Services Profitability Management, versions 8.0.6, 8.0.7, 8.1.0
Oracle Financial Services Regulatory Reporting for European Banking Authority, versions 8.0.6-8.1.0
Oracle Financial Services Regulatory Reporting for US Federal Reserve, versions 8.0.6-8.0.9
Oracle Financial Services Regulatory Reporting with AgileREPORTER, version 8.0.9.2.0
Oracle Financial Services Retail Customer Analytics, version 8.0.6
Oracle FLEXCUBE Core Banking, versions 5.2.0, 11.5.0-11.7.0
Oracle FLEXCUBE Direct Banking, versions 12.0.1, 12.0.2, 12.0.3
Oracle FLEXCUBE Private Banking, versions 12.0.0, 12.1.0
Oracle FLEXCUBE Universal Banking, versions 12.3.0, 14.0.0-14.4.0
Oracle GoldenGate Application Adapters, versions 12.3.2.1.0, 19.1.0.0.0
Oracle GraalVM Enterprise Edition, versions 19.3.3, 20.2.0
Oracle Health Sciences Empirica Signal, version 9.0
Oracle Healthcare Data Repository, version 7.0.1
Oracle Healthcare Foundation, versions 7.1.1, 7.2.0, 7.2.1, 7.3.0
Oracle Hospitality Guest Access, versions 4.2.0, 4.2.1
Oracle Hospitality Materials Control, version 18.1
Oracle Hospitality OPERA 5 Property Services, versions 5.5, 5.6
Oracle Hospitality Reporting and Analytics, version 9.1.0
Oracle Hospitality RES 3700, version 5.7
Oracle Hospitality Simphony, versions 18.1, 18.2, 19.1.0-19.1.2
Oracle Hospitality Suite8, versions 8.10.2, 8.11-8.14
Oracle HTTP Server, versions 12.2.1.3.0, 12.2.1.4.0
Oracle Insurance Accounting Analyzer, version 8.0.9
Oracle Insurance Allocation Manager for Enterprise Profitability, versions 8.0.8, 8.1.0
Oracle Insurance Data Foundation, versions 8.0.6-8.1.0
Oracle Insurance Insbridge Rating and Underwriting, versions 5.0.0.0-5.6.0.0, 5.6.1.0
Oracle Insurance Policy Administration J2EE, versions 10.2.0.37, 10.2.4.12, 11.0.2.25, 11.1.0.15, 11.2.0.26, 11.2.2.0
Oracle Insurance Rules Palette, versions 10.2.0.37, 10.2.4.12, 11.0.2.25, 11.1.0.15, 11.2.0.26
Oracle Java SE, versions 7u271, 8u261, 11.0.8, 15
Oracle Java SE Embedded, version 8u261
Oracle JDeveloper, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
Oracle Managed File Transfer, versions 12.2.1.3.0, 12.2.1.4.0
Oracle Outside In Technology, versions 8.5.4, 8.5.5
Oracle Policy Automation, versions 12.2.0-12.2.20
Oracle Policy Automation Connector for Siebel, version 10.4.6
Oracle Policy Automation for Mobile Devices, versions 12.2.0-12.2.20
Oracle REST Data Services, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c, [Standalone ORDS] earlier than 20.2.1
Oracle Retail Advanced Inventory Planning, version 14.1
Oracle Retail Assortment Planning, versions 15.0.3.0, 16.0.3.0
Oracle Retail Back Office, versions 14.0, 14.1
Oracle Retail Bulk Data Integration, versions 15.0.3.0, 16.0.3.0
Oracle Retail Central Office, versions 14.0, 14.1
Oracle Retail Customer Management and Segmentation Foundation, versions 18.0, 19.0
Oracle Retail Integration Bus, versions 14.1, 15.0, 16.0
Oracle Retail Order Broker, versions 15.0, 16.0, 18.0, 19.0, 19.1, 19.2, 19.3
Oracle Retail Point-of-Service, versions 14.0, 14.1
Oracle Retail Predictive Application Server, versions 14.1.3.0, 15.0.3.0, 16.0.3.0
Oracle Retail Price Management, versions 14.0.4, 14.1.3.0, 15.0.3.0, 16.0.3.0
Oracle Retail Returns Management, versions 14.0, 14.1
Oracle Retail Service Backbone, versions 14.1, 15.0, 16.0
Oracle Retail Xstore Point of Service, versions 15.0.3, 16.0.5, 17.0.3, 18.0.2, 19.0.1
Oracle Solaris, versions 10, 11
Oracle TimesTen In-Memory Database, versions earlier than 11.2.2.8.49, earlier than 18.1.3.1.0, earlier than 18.1.4.1.0
Oracle Transportation Management, version 6.3.7
Oracle Utilities Framework, versions 2.2.0.0.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0
Oracle VM VirtualBox, versions earlier than 6.1.16
Oracle WebCenter Portal, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
Oracle ZFS Storage Appliance Kit, version 8.8
PeopleSoft Enterprise HCM Global Payroll Core, version 9.2
PeopleSoft Enterprise PeopleTools, versions 8.56, 8.57, 8.58
PeopleSoft Enterprise SCM eSupplier Connection, version 9.2
Primavera Gateway, versions 16.2.0-16.2.11, 17.12.0-17.12.8
Primavera Unifier, versions 16.1, 16.2, 17.7-17.12, 18.8, 19.12
Siebel Applications, versions 20.7, 20.8
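The affected-systems list above mixes four ways of expressing a vulnerable version set: an explicit list of versions, "X and earlier" (which Oracle states per release branch), "earlier than X", and "A-B" ranges. Deciding whether an installed build falls inside such an entry is the first step of triage for this advisory, so the following added example (written for this page, not SK-CERT's or Oracle's code) implements that comparison. The AFFECTED dictionary is a constructed, shortened transcription of four entries from the list; the parser handles the version styles that appear in those entries (dotted numbers, "18c"-style suffixes and Java's "8u261").

```python
import re

# Constructed excerpt of the advisory's affected-systems list (product -> version spec).
AFFECTED = {
    "Oracle WebLogic Server": "versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0",
    "MySQL Server": "versions 5.6.49 and earlier, 5.7.31 and earlier, 8.0.21 and earlier",
    "Oracle VM VirtualBox": "versions earlier than 6.1.16",
    "Oracle E-Business Suite": "versions 12.1.1-12.1.3, 12.2.3-12.2.10",
}


def parse_version(text):
    """Turn '12.2.1.3.0', '19c' or '8u261' into a tuple of (number, suffix) pairs
    that compares numerically component by component."""
    key = []
    for part in re.split(r"[.u]", text.strip()):
        m = re.fullmatch(r"(\d+)([A-Za-z]*)", part)
        if not m:
            raise ValueError(f"unrecognised version component {part!r} in {text!r}")
        key.append((int(m.group(1)), m.group(2).lower()))
    return tuple(key)


def parse_constraints(spec):
    """Split one affected-systems entry into (kind, bounds, original text) constraints."""
    spec = re.sub(r"^versions?\s+", "", spec.strip())
    constraints = []
    for item in (s.strip() for s in spec.split(",")):
        m = re.fullmatch(r"(.+?) and earlier", item)
        if m:
            constraints.append(("and_earlier", (parse_version(m.group(1)),), item))
            continue
        m = re.fullmatch(r"(?:earlier|older) than (.+)", item)
        if m:
            constraints.append(("earlier_than", (parse_version(m.group(1)),), item))
            continue
        m = re.fullmatch(r"([\d.]+)-([\d.]+)", item)
        if m:
            constraints.append(("range", (parse_version(m.group(1)), parse_version(m.group(2))), item))
            continue
        constraints.append(("exact", (parse_version(item),), item))
    return constraints


def matches(kind, bounds, installed):
    """Evaluate one constraint against a parsed installed version."""
    if kind == "exact":
        return installed == bounds[0]
    if kind == "earlier_than":
        return installed < bounds[0]
    if kind == "range":
        return bounds[0] <= installed <= bounds[1]
    if kind == "and_earlier":
        # 'X and earlier' is stated per release branch (e.g. 5.6.x, 5.7.x, 8.0.x),
        # so the installed version must share every component but the last with
        # the bound and be at or below it; other branches are judged by their own item.
        bound = bounds[0]
        return installed[:-1] == bound[:-1] and installed <= bound
    raise ValueError(f"unknown constraint kind {kind!r}")


def is_affected(product, installed_version):
    """Return the text of the matching constraint, or None if the version is not listed."""
    installed = parse_version(installed_version)
    for kind, bounds, text in parse_constraints(AFFECTED[product]):
        if matches(kind, bounds, installed):
            return text
    return None


if __name__ == "__main__":
    # Constructed inventory lines a patch-management team might check.
    inventory = [
        ("Oracle WebLogic Server", "12.2.1.4.0"),
        ("MySQL Server", "8.0.22"),
        ("Oracle VM VirtualBox", "6.1.14"),
        ("Oracle E-Business Suite", "12.2.11"),
    ]
    for product, version in inventory:
        hit = is_affected(product, version)
        print(f"{product} {version}: {'AFFECTED (' + hit + ')' if hit else 'not listed'}")
```

Note that the branch rule for "and earlier" is what stops MySQL 5.7.31 from being reported against the "5.6.49 and earlier" item and matched only by its own "5.7.31 and earlier" item; a plain less-than-or-equal comparison would flag every older branch regardless of whether it was patched. The check only tells you whether a version is in the advisory's list; a version outside the list may still be unsupported rather than fixed, so confirm against Oracle's Critical Patch Update page linked under Sources.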
Consequences
Execution of malicious code and complete compromise of the confidentiality, integrity and availability of the system
Denial of service
Privilege escalation
Recommendations
We recommend that administrators and users update the affected systems without delay.
We also recommend instructing users not to open unverified e-mail messages or attachments from unknown sources, and not to visit untrusted websites.
After fixing vulnerabilities that could have allowed remote code execution, it is good practice to inspect the system and change all passwords and keys on the affected system, as well as on any other systems where the same password or key was used.
Sources
https://www.oracle.com/security-alerts/alert-cve-2020-14750.html#AppendixFMWl
https://www.oracle.com/security-alerts/cpuoct2020.html