SK-CERT Security Advisory V20220119-01
Severity | Critical |
Classification | Unclassified/TLP WHITE |
CVSS Score |
9.9 |
Identifier |
Oracle products – multiple critical security vulnerabilities |
Description |
Oracle has released a security update for its product portfolio that fixes multiple critical security vulnerabilities. The most severe critical vulnerability stems from insufficient implementation of security mechanisms and allows a remote, unauthenticated attacker to execute malicious code, resulting in complete compromise of the confidentiality, integrity and availability of the system. |
Date of first publication of the advisory |
17.01.2022 |
CVE |
CVE-2016-7103, CVE-2018-11771, CVE-2018-1311, CVE-2018-1324, CVE-2019-10086, CVE-2019-10219, CVE-2019-11358, CVE-2019-13734, CVE-2019-17091, CVE-2019-17495, CVE-2019-17566, CVE-2020-10543, CVE-2020-10683, CVE-2020-10878, CVE-2020-11022, CVE-2020-11023, CVE-2020-11979, CVE-2020-11987, CVE-2020-12723, CVE-2020-13817, CVE-2020-13934, CVE-2020-13935, CVE-2020-13936, CVE-2020-13949, CVE-2020-13956, CVE-2020-14340, CVE-2020-14642, CVE-2020-14756, CVE-2020-15824, CVE-2020-17521, CVE-2020-17527, CVE-2020-17530, CVE-2020-1945, CVE-2020-24616, CVE-2020-24750, CVE-2020-25649, CVE-2020-27618, CVE-2020-28052, CVE-2020-28469, CVE-2020-28500, CVE-2020-2934, CVE-2020-29582, CVE-2020-35490, CVE-2020-35491, CVE-2020-35728, CVE-2020-36179, CVE-2020-36180, CVE-2020-36181, CVE-2020-36182, CVE-2020-36183, CVE-2020-36184, CVE-2020-36185, CVE-2020-36186, CVE-2020-36187, CVE-2020-36188, CVE-2020-36189, CVE-2020-5258, CVE-2020-5421, CVE-2020-6950, CVE-2020-7712, CVE-2020-8177, CVE-2020-8203, CVE-2020-8284, CVE-2020-8285, CVE-2020-8554, CVE-2020-8908, CVE-2020-9281, CVE-2020-9484, CVE-2021-20718, CVE-2021-21409, CVE-2021-21703, CVE-2021-21705, CVE-2021-21783, CVE-2021-22118, CVE-2021-22119, CVE-2021-2277, CVE-2021-22897, CVE-2021-22898, CVE-2021-22901, CVE-2021-22924, CVE-2021-22925, CVE-2021-22926, CVE-2021-22931, CVE-2021-22939, CVE-2021-22940, CVE-2021-22946, CVE-2021-22947, CVE-2021-22959, CVE-2021-22960, CVE-2021-23017, CVE-2021-23336, CVE-2021-23337, CVE-2021-2344, CVE-2021-23440, CVE-2021-2351, CVE-2021-2371, CVE-2021-23840, CVE-2021-2428, CVE-2021-25122, CVE-2021-25329, CVE-2021-26691, CVE-2021-27568, CVE-2021-28163, CVE-2021-28164, CVE-2021-28165, CVE-2021-28169, CVE-2021-29425, CVE-2021-29505, CVE-2021-29921, CVE-2021-29923, CVE-2021-30369, CVE-2021-30639, CVE-2021-30640, CVE-2021-31684, CVE-2021-3177, CVE-2021-31811, CVE-2021-31812, CVE-2021-32012, CVE-2021-32013, CVE-2021-32014, CVE-2021-32723, CVE-2021-32808, CVE-2021-32809, CVE-2021-32827, CVE-2021-33037, CVE-2021-33193, 
CVE-2021-3326, CVE-2021-33560, CVE-2021-33880, CVE-2021-33909, CVE-2021-3426, CVE-2021-34428, CVE-2021-34429, CVE-2021-3448, CVE-2021-34558, CVE-2021-34798, CVE-2021-35043, CVE-2021-3516, CVE-2021-3517, CVE-2021-3541, CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-35587, CVE-2021-35683, CVE-2021-35684, CVE-2021-35685, CVE-2021-35686, CVE-2021-35687, CVE-2021-36090, CVE-2021-36160, CVE-2021-36221, CVE-2021-3634, CVE-2021-36373, CVE-2021-36374, CVE-2021-36690, CVE-2021-3711, CVE-2021-3712, CVE-2021-37136, CVE-2021-37137, CVE-2021-37695, CVE-2021-37714, CVE-2021-38153, CVE-2021-39139, CVE-2021-39140, CVE-2021-39141, CVE-2021-39144, CVE-2021-39145, CVE-2021-39146, CVE-2021-39147, CVE-2021-39148, CVE-2021-39149, CVE-2021-39150, CVE-2021-39151, CVE-2021-39152, CVE-2021-39153, CVE-2021-39154, CVE-2021-39275, CVE-2021-40438, CVE-2021-4104, CVE-2021-41164, CVE-2021-41165, CVE-2021-41524, CVE-2021-41773, CVE-2021-42013, CVE-2021-42340, CVE-2021-42575, CVE-2021-43395, CVE-2021-44224, CVE-2021-44228, CVE-2021-44790, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2022-21242, CVE-2022-21243, CVE-2022-21244, CVE-2022-21245, CVE-2022-21246, CVE-2022-21247, CVE-2022-21248, CVE-2022-21249, CVE-2022-21250, CVE-2022-21251, CVE-2022-21252, CVE-2022-21253, CVE-2022-21254, CVE-2022-21255, CVE-2022-21256, CVE-2022-21257, CVE-2022-21258, CVE-2022-21259, CVE-2022-21260, CVE-2022-21261, CVE-2022-21262, CVE-2022-21263, CVE-2022-21264, CVE-2022-21265, CVE-2022-21266, CVE-2022-21267, CVE-2022-21268, CVE-2022-21269, CVE-2022-21270, CVE-2022-21271, CVE-2022-21272, CVE-2022-21273, CVE-2022-21274, CVE-2022-21275, CVE-2022-21276, CVE-2022-21277, CVE-2022-21278, CVE-2022-21279, CVE-2022-21280, CVE-2022-21281, CVE-2022-21282, CVE-2022-21283, CVE-2022-21284, CVE-2022-21285, CVE-2022-21286, CVE-2022-21287, CVE-2022-21288, CVE-2022-21289, CVE-2022-21290, CVE-2022-21291, CVE-2022-21292, CVE-2022-21293, CVE-2022-21294, CVE-2022-21295, CVE-2022-21296, CVE-2022-21297, CVE-2022-21298, 
CVE-2022-21299, CVE-2022-21300, CVE-2022-21301, CVE-2022-21302, CVE-2022-21303, CVE-2022-21304, CVE-2022-21305, CVE-2022-21306, CVE-2022-21307, CVE-2022-21308, CVE-2022-21309, CVE-2022-21310, CVE-2022-21311, CVE-2022-21312, CVE-2022-21313, CVE-2022-21314, CVE-2022-21315, CVE-2022-21316, CVE-2022-21317, CVE-2022-21318, CVE-2022-21319, CVE-2022-21320, CVE-2022-21321, CVE-2022-21322, CVE-2022-21323, CVE-2022-21324, CVE-2022-21325, CVE-2022-21326, CVE-2022-21327, CVE-2022-21328, CVE-2022-21329, CVE-2022-21330, CVE-2022-21331, CVE-2022-21332, CVE-2022-21333, CVE-2022-21334, CVE-2022-21335, CVE-2022-21336, CVE-2022-21337, CVE-2022-21338, CVE-2022-21339, CVE-2022-21340, CVE-2022-21341, CVE-2022-21342, CVE-2022-21344, CVE-2022-21345, CVE-2022-21346, CVE-2022-21347, CVE-2022-21348, CVE-2022-21349, CVE-2022-21350, CVE-2022-21351, CVE-2022-21352, CVE-2022-21353, CVE-2022-21354, CVE-2022-21355, CVE-2022-21356, CVE-2022-21357, CVE-2022-21358, CVE-2022-21359, CVE-2022-21360, CVE-2022-21361, CVE-2022-21362, CVE-2022-21363, CVE-2022-21364, CVE-2022-21365, CVE-2022-21366, CVE-2022-21367, CVE-2022-21368, CVE-2022-21369, CVE-2022-21370, CVE-2022-21371, CVE-2022-21372, CVE-2022-21373, CVE-2022-21374, CVE-2022-21375, CVE-2022-21376, CVE-2022-21377, CVE-2022-21378, CVE-2022-21379, CVE-2022-21380, CVE-2022-21381, CVE-2022-21382, CVE-2022-21383, CVE-2022-21386, CVE-2022-21387, CVE-2022-21388, CVE-2022-21389, CVE-2022-21390, CVE-2022-21391, CVE-2022-21392, CVE-2022-21393, CVE-2022-21394, CVE-2022-21395, CVE-2022-21396, CVE-2022-21397, CVE-2022-21398, CVE-2022-21399, CVE-2022-21400, CVE-2022-21401, CVE-2022-21402, CVE-2022-21403 |
IOC |
– |
Affected systems |
Agile Product Lifecycle Management Integration Pack for Oracle E-Business Suite; Application Performance Management; Big Data Spatial and Graph; Enterprise Manager Base Platform; Enterprise Manager Ops Center; Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers; Instantis EnterpriseTrack; JD Edwards EnterpriseOne Tools; MySQL Cluster; MySQL Connectors; MySQL Server; MySQL Workbench; Oracle Access Manager; Oracle Agile Engineering Data Management; Oracle Agile PLM; Oracle Agile PLM MCAD Connector; Oracle Airlines Data Model; Oracle Application Express; Oracle Application Testing Suite; Oracle Argus Analytics; Oracle Argus Insight; Oracle Argus Mart; Oracle Argus Safety; Oracle Banking APIs; Oracle Banking Deposits and Lines of Credit Servicing; Oracle Banking Digital Experience; Oracle Banking Enterprise Default Management; Oracle Banking Loans Servicing; Oracle Banking Party Management; Oracle Banking Platform; Oracle BI Publisher; Oracle Business Activity Monitoring; Oracle Business Intelligence Enterprise Edition; Oracle Business Process Management Suite; Oracle Clinical; Oracle Commerce Guided Search; Oracle Commerce Platform; Oracle Communications Billing and Revenue Management; Oracle Communications BRM – Elastic Charging Engine; Oracle Communications Calendar Server; Oracle Communications Cloud Native Core Automated Test Suite; Oracle Communications Cloud Native Core Binding Support Function; Oracle Communications Cloud Native Core Console; Oracle Communications Cloud Native Core Network Function Cloud Native Environment; Oracle Communications Cloud Native Core Network Repository Function; Oracle Communications Cloud Native Core Policy; Oracle Communications Cloud Native Core Security Edge Protection Proxy; Oracle Communications Cloud Native Core Service Communication Proxy; Oracle Communications Cloud Native Core Unified Data Repository; Oracle Communications Contacts Server; Oracle Communications Convergence; Oracle Communications Convergent Charging Controller; Oracle Communications Data Model; Oracle Communications Design Studio; Oracle Communications Diameter Signaling Router; Oracle Communications EAGLE Application Processor; Oracle Communications Instant Messaging Server; Oracle Communications Interactive Session Recorder; Oracle Communications Messaging Server; Oracle Communications Network Charging and Control; Oracle Communications Network Integrity; Oracle Communications Offline Mediation Controller; Oracle Communications Operations Monitor; Oracle Communications Pricing Design Center; Oracle Communications Service Broker; Oracle Communications Services Gatekeeper; Oracle Communications Session Border Controller; Oracle Communications Unified Inventory Management; Oracle Communications WebRTC Session Controller; Oracle Data Integrator; Oracle Database Server; Oracle Demantra Demand Management; Oracle E-Business Suite; Oracle Enterprise Communications Broker; Oracle Enterprise Data Quality; Oracle Enterprise Session Border Controller; Oracle Essbase; Oracle Essbase Administration Services; Oracle Financial Services Analytical Applications Infrastructure; Oracle Financial Services Behavior Detection Platform; Oracle Financial Services Enterprise Case Management; Oracle Financial Services Foreign Account Tax Compliance Act Management; Oracle Financial Services Model Management and Governance; Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition; Oracle FLEXCUBE Investor Servicing; Oracle FLEXCUBE Private Banking; Oracle Fusion Middleware; Oracle Fusion Middleware MapViewer; Oracle GoldenGate; Oracle GraalVM Enterprise Edition; Oracle Graph Server and Client; Oracle Health Sciences Clinical Development Analytics; Oracle Health Sciences InForm CRF Submit; Oracle Health Sciences Information Manager; Oracle Healthcare Data Repository; Oracle Healthcare Foundation; Oracle Healthcare Translational Research; Oracle Hospitality Cruise Shipboard Property Management System; Oracle Hospitality OPERA 5; Oracle Hospitality Reporting and Analytics; Oracle Hospitality Suite8; Oracle HTTP Server; Oracle Hyperion Infrastructure Technology; Oracle iLearning; Oracle Insurance Data Gateway; Oracle Insurance Insbridge Rating and Underwriting; Oracle Insurance Policy Administration; Oracle Insurance Policy Administration J2EE; Oracle Insurance Rules Palette; Oracle Java SE; Oracle Managed File Transfer; Oracle NoSQL Database; Oracle Policy Automation; Oracle Product Lifecycle Analytics; Oracle Rapid Planning; Oracle Real User Experience Insight; Oracle REST Data Services; Oracle Retail Allocation; Oracle Retail Analytics, version 21.0.1; Oracle Retail Assortment Planning; Oracle Retail Back Office; Oracle Retail Central Office; Oracle Retail Customer Insights; Oracle Retail Customer Management and Segmentation Foundation; Oracle Retail EFTLink; Oracle Retail Extract Transform and Load; Oracle Retail Financial Integration; Oracle Retail Fiscal Management; Oracle Retail Integration Bus; Oracle Retail Invoice Matching; Oracle Retail Merchandising System; Oracle Retail Order Broker; Oracle Retail Order Management System; Oracle Retail Point-of-Service; Oracle Retail Predictive Application Server; Oracle Retail Price Management; Oracle Retail Returns Management; Oracle Retail Service Backbone; Oracle Retail Size Profile Optimization; Oracle Retail Xstore Point of Service; Oracle SD-WAN Aware; Oracle SD-WAN Edge; Oracle Secure Backup; Oracle Solaris; Oracle Spatial Studio; Oracle Thesaurus Management System; Oracle TimesTen In-Memory Database; Oracle Utilities Framework; Oracle Utilities Testing Accelerator; Oracle VM VirtualBox; Oracle WebCenter Portal; Oracle WebLogic Server; Oracle ZFS Storage Appliance Kit; Oracle ZFS Storage Application Integration Engineering Software; OSS Support Tools; PeopleSoft Enterprise CS SA Integration Pack; PeopleSoft Enterprise PeopleTools; Primavera Analytics; Primavera Data Warehouse; Primavera Gateway; Primavera P6 Enterprise Project Portfolio Management; Primavera P6 Professional Project Management; Primavera Portfolio Management; Primavera Unifier; Siebel Applications
The exact specification of the individual affected products is available at: https://www.oracle.com/security-alerts/cpujan2022.html |
Impact |
Malicious code execution and complete compromise of the confidentiality, integrity and availability of the system |
Recommendations |
We recommend that administrators and users update the affected systems without delay. After remediating vulnerabilities that could have allowed remote code execution, it is good practice to inspect the system and change all passwords and keys on the affected system as well as on other systems where the same password or key was used. |
Sources |
https://www.oracle.com/security-alerts/cpujan2022.html https://www.securityweek.com/oracle-release-nearly-500-new-security-patches |