SK-CERT Security Advisory V20220420-01

Severity: Critical
Classification: Unclassified/TLP WHITE
CVSS Score
9.8
Identifier
Oracle products – multiple critical security vulnerabilities
Description
Oracle has released a security update for its product portfolio that fixes multiple critical security vulnerabilities.
The most severe critical vulnerability stems from insufficient implementation of security mechanisms and allows a remote, unauthenticated attacker to execute malicious code, resulting in a complete compromise of the confidentiality, integrity and availability of the system.
Date of first publication of the advisory
19.04.2022
CVE
CVE-2017-1000353, CVE-2017-14159, CVE-2017-17740, CVE-2017-9287, CVE-2018-1000067, CVE-2018-1000068, CVE-2018-1000192, CVE-2018-1000193, CVE-2018-1000194, CVE-2018-1000195, CVE-2018-11212, CVE-2018-1285, CVE-2018-1999001, CVE-2018-1999002, CVE-2018-1999003, CVE-2018-1999004, CVE-2018-1999005, CVE-2018-1999007, CVE-2018-2601, CVE-2018-6356, CVE-2018-8032, CVE-2019-0227, CVE-2019-1003049, CVE-2019-1003050, CVE-2019-10086, CVE-2019-10247, CVE-2019-10383, CVE-2019-10384, CVE-2019-12086, CVE-2019-12399, CVE-2019-12402, CVE-2019-13038, CVE-2019-13057, CVE-2019-13565, CVE-2019-13750, CVE-2019-13751, CVE-2019-14822, CVE-2019-14862, CVE-2019-16785, CVE-2019-16786, CVE-2019-16789, CVE-2019-16792, CVE-2019-17195, CVE-2019-17571, CVE-2019-18218, CVE-2019-18276, CVE-2019-19603, CVE-2019-20388, CVE-2019-20838, CVE-2019-20916, CVE-2019-3738, CVE-2019-3739, CVE-2019-3740, CVE-2019-3799, CVE-2019-5827, CVE-2020-10531, CVE-2020-10543, CVE-2020-10693, CVE-2020-10878, CVE-2020-11022, CVE-2020-11023, CVE-2020-11080, CVE-2020-11612, CVE-2020-11971, CVE-2020-11979, CVE-2020-12243, CVE-2020-12723, CVE-2020-13434, CVE-2020-13435, CVE-2020-13935, CVE-2020-13936, CVE-2020-13956, CVE-2020-14155, CVE-2020-14340, CVE-2020-14343, CVE-2020-15250, CVE-2020-15358, CVE-2020-15719, CVE-2020-16135, CVE-2020-17521, CVE-2020-17527, CVE-2020-17530, CVE-2020-1968, CVE-2020-1971, CVE-2020-24616, CVE-2020-24750, CVE-2020-24977, CVE-2020-25638, CVE-2020-25649, CVE-2020-25659, CVE-2020-27218, CVE-2020-28052, CVE-2020-28196, CVE-2020-28895, CVE-2020-29363, CVE-2020-29582, CVE-2020-35198, CVE-2020-35490, CVE-2020-35491, CVE-2020-35728, CVE-2020-36179, CVE-2020-36180, CVE-2020-36181, CVE-2020-36182, CVE-2020-36183, CVE-2020-36184, CVE-2020-36185, CVE-2020-36186, CVE-2020-36187, CVE-2020-36188, CVE-2020-36189, CVE-2020-36242, CVE-2020-36518, CVE-2020-5245, CVE-2020-5413, CVE-2020-5421, CVE-2020-6950, CVE-2020-7226, CVE-2020-7595, CVE-2020-7760, CVE-2020-8172, CVE-2020-8174, CVE-2020-8203, CVE-2020-8231, 
CVE-2020-8277, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2020-8554, CVE-2020-8908, CVE-2020-9488, CVE-2021-20231, CVE-2021-20232, CVE-2021-20289, CVE-2021-21275, CVE-2021-21290, CVE-2021-21295, CVE-2021-21409, CVE-2021-21703, CVE-2021-22096, CVE-2021-22118, CVE-2021-22132, CVE-2021-22134, CVE-2021-22144, CVE-2021-22145, CVE-2021-22569, CVE-2021-22570, CVE-2021-22696, CVE-2021-22897, CVE-2021-22898, CVE-2021-22901, CVE-2021-22946, CVE-2021-22947, CVE-2021-23017, CVE-2021-23450, CVE-2021-2351, CVE-2021-23839, CVE-2021-23840, CVE-2021-23841, CVE-2021-2427, CVE-2021-2464, CVE-2021-2471, CVE-2021-25219, CVE-2021-26291, CVE-2021-27568, CVE-2021-27645, CVE-2021-27807, CVE-2021-27906, CVE-2021-28168, CVE-2021-28169, CVE-2021-28170, CVE-2021-28657, CVE-2021-29425, CVE-2021-29505, CVE-2021-29921, CVE-2021-30129, CVE-2021-30468, CVE-2021-3156, CVE-2021-31799, CVE-2021-31810, CVE-2021-31811, CVE-2021-31812, CVE-2021-3200, CVE-2021-32066, CVE-2021-32626, CVE-2021-32627, CVE-2021-32628, CVE-2021-32672, CVE-2021-32675, CVE-2021-32687, CVE-2021-32762, CVE-2021-32785, CVE-2021-32786, CVE-2021-32791, CVE-2021-32792, CVE-2021-33037, CVE-2021-33193, CVE-2021-33560, CVE-2021-33574, CVE-2021-33813, CVE-2021-33880, CVE-2021-34429, CVE-2021-3445, CVE-2021-3449, CVE-2021-3450, CVE-2021-34798, CVE-2021-35043, CVE-2021-3517, CVE-2021-3518, CVE-2021-3520, CVE-2021-3521, CVE-2021-3537, CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-35574, CVE-2021-3572, CVE-2021-3580, CVE-2021-35942, CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087, CVE-2021-36090, CVE-2021-36160, CVE-2021-36373, CVE-2021-36374, CVE-2021-3690, CVE-2021-3711, CVE-2021-3712, CVE-2021-37136, CVE-2021-37137, CVE-2021-37714, CVE-2021-3807, CVE-2021-38153, CVE-2021-39139, CVE-2021-39140, CVE-2021-39141, CVE-2021-39144, CVE-2021-39145, CVE-2021-39146, CVE-2021-39147, CVE-2021-39148, CVE-2021-39149, CVE-2021-39150, CVE-2021-39151, CVE-2021-39152, CVE-2021-39153, CVE-2021-39154, CVE-2021-39275, 
CVE-2021-4034, CVE-2021-40438, CVE-2021-40690, CVE-2021-4104, CVE-2021-41099, CVE-2021-41164, CVE-2021-41165, CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2021-4160, CVE-2021-41617, CVE-2021-4181, CVE-2021-4182, CVE-2021-4183, CVE-2021-4184, CVE-2021-4185, CVE-2021-41973, CVE-2021-42013, CVE-2021-42340, CVE-2021-42392, CVE-2021-42717, CVE-2021-43395, CVE-2021-43527, CVE-2021-43797, CVE-2021-43818, CVE-2021-43859, CVE-2021-44224, CVE-2021-44531, CVE-2021-44532, CVE-2021-44533, CVE-2021-44790, CVE-2021-44832, CVE-2021-45105, CVE-2022-0391, CVE-2022-0778, CVE-2022-20612, CVE-2022-20613, CVE-2022-20614, CVE-2022-20615, CVE-2022-21271, CVE-2022-21375, CVE-2022-21384, CVE-2022-21404, CVE-2022-21405, CVE-2022-21409, CVE-2022-21410, CVE-2022-21411, CVE-2022-21412, CVE-2022-21413, CVE-2022-21414, CVE-2022-21415, CVE-2022-21416, CVE-2022-21417, CVE-2022-21418, CVE-2022-21419, CVE-2022-21420, CVE-2022-21421, CVE-2022-21422, CVE-2022-21423, CVE-2022-21424, CVE-2022-21425, CVE-2022-21426, CVE-2022-21427, CVE-2022-21430, CVE-2022-21431, CVE-2022-21434, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21439, CVE-2022-21440, CVE-2022-21441, CVE-2022-21442, CVE-2022-21443, CVE-2022-21444, CVE-2022-21445, CVE-2022-21446, CVE-2022-21447, CVE-2022-21448, CVE-2022-21449, CVE-2022-21450, CVE-2022-21451, CVE-2022-21452, CVE-2022-21453, CVE-2022-21454, CVE-2022-21457, CVE-2022-21458, CVE-2022-21459, CVE-2022-21460, CVE-2022-21461, CVE-2022-21462, CVE-2022-21463, CVE-2022-21464, CVE-2022-21465, CVE-2022-21466, CVE-2022-21467, CVE-2022-21468, CVE-2022-21469, CVE-2022-21470, CVE-2022-21471, CVE-2022-21472, CVE-2022-21473, CVE-2022-21474, CVE-2022-21475, CVE-2022-21476, CVE-2022-21477, CVE-2022-21478, CVE-2022-21479, CVE-2022-21480, CVE-2022-21481, CVE-2022-21482, CVE-2022-21483, CVE-2022-21484, CVE-2022-21485, CVE-2022-21486, CVE-2022-21487, CVE-2022-21488, CVE-2022-21489, CVE-2022-21490, CVE-2022-21491, CVE-2022-21492, CVE-2022-21493, CVE-2022-21494, 
CVE-2022-21496, CVE-2022-21497, CVE-2022-21498, CVE-2022-21716, CVE-2022-21824, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-22947, CVE-2022-22963, CVE-2022-22965, CVE-2022-23181, CVE-2022-23221, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307, CVE-2022-23437, CVE-2022-23852, CVE-2022-23943, CVE-2022-23990, CVE-2022-24329, CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315
IOC
Affected systems
Engineered Systems Utilities, versions 12.1.0.2, 19c, 21c
Enterprise Manager Base Platform, versions 13.4.0.0, 13.5.0.0
Enterprise Manager for Peoplesoft, versions 13.4.1.1, 13.5.1.1
Enterprise Manager for Storage Management, version 13.4.0.0
Enterprise Manager Ops Center, version 12.4.0.0
Helidon, versions 1.4.7, 1.4.10, 2.0.0-RC1
Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3
JD Edwards EnterpriseOne Tools, versions prior to 9.2.6.3
JD Edwards World Security, version A9.4
Management Cloud Engine, versions prior to 1.5.1
Middleware Common Libraries and Tools, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
MySQL Cluster, versions prior to 8.0.28
MySQL Connectors, versions prior to 8.0.29
MySQL Enterprise Monitor, versions prior to 8.0.29
MySQL Server, versions prior to 8.0.29
MySQL Workbench, versions prior to 8.0.29
Oracle Advanced Supply Chain Planning, versions 12.1, 12.2
Oracle Agile Engineering Data Management, version 6.2.1.0
Oracle Agile PLM, version 9.3.6
Oracle Agile PLM MCAD Connector, version 3.6
Oracle Application Express, versions prior to 22.1
Oracle Application Testing Suite, version 13.3.0.1
Oracle Autovue for Agile Product Lifecycle Management, version 21.0.2
Oracle Banking Deposits and Lines of Credit Servicing, version 2.12.0
Oracle Banking Enterprise Default Management, versions 2.7.1, 2.10.0, 2.12.0
Oracle Banking Loans Servicing, version 2.12.0
Oracle Banking Party Management, version 2.7.0
Oracle Banking Payments, version 14.5
Oracle Banking Platform, versions 2.6.2, 2.7.1, 2.12.0
Oracle Banking Trade Finance, version 14.5
Oracle Banking Treasury Management, version 14.5
Oracle Blockchain Platform, versions prior to 21.1.2
Oracle Business Intelligence Enterprise Edition, versions 5.5.0.0.0, 5.9.0.0.0, 12.2.1.3.0, 12.2.1.4.0
Oracle Business Process Management Suite, versions 12.2.1.3.0, 12.2.1.4.0
Oracle Coherence, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
Oracle Commerce Guided Search, version 11.3.2
Oracle Communications ASAP, version 7.3
Oracle Communications Billing and Revenue Management, versions 12.0.0.4, 12.0.0.5
Oracle Communications Cloud Native Core Automated Test Suite, versions 1.8.0, 1.9.0, 22.1.0
Oracle Communications Cloud Native Core Binding Support Function, version 1.11.0
Oracle Communications Cloud Native Core Console, versions 1.9.0, 22.1.0
Oracle Communications Cloud Native Core Network Exposure Function, version 22.1.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment, versions 1.10.0, 22.1.0
Oracle Communications Cloud Native Core Network Repository Function, versions 1.15.0, 1.15.1, 22.1.0
Oracle Communications Cloud Native Core Network Slice Selection Function, versions 1.8.0, 22.1.0
Oracle Communications Cloud Native Core Policy, versions 1.14.0, 1.15.0, 22.1.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy, versions 1.7.0, 22.1.0
Oracle Communications Cloud Native Core Service Communication Proxy, version 1.15.0
Oracle Communications Cloud Native Core Unified Data Repository, versions 1.15.0, 22.1.0
Oracle Communications Contacts Server, version 8.0.0.6.0
Oracle Communications Convergence, versions 3.0.2.2, 3.0.3.0
Oracle Communications Convergent Charging Controller, versions 6.0.1.0.0, 12.0.1.0.0-12.0.4.0.0
Oracle Communications Design Studio, versions 7.3.5, 7.4.0-7.4.2
Oracle Communications Diameter Intelligence Hub, versions 8.0.0-8.2.3
Oracle Communications Diameter Signaling Router, version 8.4.0.0
Oracle Communications EAGLE Application Processor
Oracle Communications EAGLE Element Management System, version 46.6
Oracle Communications EAGLE FTP Table Base Retrieval, version 4.5
Oracle Communications EAGLE LNP Application Processor, versions 10.1, 10.2
Oracle Communications EAGLE Software, versions 46.7.0, 46.8.0-46.8.2, 46.9.1-46.9.3
Oracle Communications Element Manager, versions prior to 9.0
Oracle Communications Evolved Communications Application Server, version 7.1
Oracle Communications Instant Messaging Server, version 10.0.1.5.0
Oracle Communications Interactive Session Recorder, version 6.4
Oracle Communications IP Service Activator, version 7.4.0
Oracle Communications Messaging Server, version 8.1
Oracle Communications MetaSolv Solution, version 6.3.1
Oracle Communications Network Charging and Control, versions 6.0.1.0.0, 12.0.1.0.0-12.0.4.0.0
Oracle Communications Network Integrity, versions 7.3.2, 7.3.5, 7.3.6
Oracle Communications Operations Monitor, versions 4.3, 4.4, 5.0
Oracle Communications Order and Service Management, versions 7.3, 7.4
Oracle Communications Performance Intelligence Center (PIC) Software, versions 10.3.0.0.0-10.3.0.2.1, 10.4.0.1.0-10.4.0.3.1
Oracle Communications Policy Management, versions 12.5.0.0.0, 12.6.0.0.0
Oracle Communications Pricing Design Center, versions 12.0.0.4, 12.0.0.5
Oracle Communications Services Gatekeeper, version 7.0.0.0.0
Oracle Communications Session Border Controller, versions 8.4, 9.0
Oracle Communications Session Report Manager, versions prior to 9.0
Oracle Communications Session Route Manager, versions prior to 9.0
Oracle Communications Unified Inventory Management, versions 7.4.1, 7.4.2
Oracle Communications Unified Session Manager, versions 8.2.5, 8.4.5
Oracle Communications User Data Repository, version 12.4
Oracle Communications WebRTC Session Controller, version 7.2.1
Oracle Data Integrator, versions 12.2.1.3.0, 12.2.1.4.0
Oracle Database Server, versions 12.1.0.2, 19c, 21c
Oracle Documaker, versions 12.6.0, 12.6.2-12.6.4, 12.7.0
Oracle E-Business Suite, versions 12.2.4-12.2.11, [EBS Cloud Manager and Backup Module] versions prior to 22.1.1.1
Oracle Enterprise Communications Broker, versions 3.2, 3.3
Oracle Enterprise Session Border Controller, versions 8.4, 9.0
Oracle Ethernet Switch ES1-24, version 1.3.1
Oracle Ethernet Switch TOR-72, version 1.2.2
Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.6.0-8.0.9.0, 8.1.0.0-8.1.2.0
Oracle Financial Services Behavior Detection Platform, versions 8.0.6.0-8.0.8.0, 8.1.1.0, 8.1.1.1, 8.1.2.0
Oracle Financial Services Enterprise Case Management, versions 8.0.7.1, 8.0.7.2, 8.0.8.0, 8.0.8.1, 8.1.1.0, 8.1.1.1, 8.1.2.0
Oracle Financial Services Revenue Management and Billing, versions 2.7.0.0, 2.7.0.1, 2.8.0.0
Oracle FLEXCUBE Universal Banking, versions 11.83.3, 12.1-12.4, 14.0-14.3, 14.5
Oracle Global Lifecycle Management OPatch
Oracle GoldenGate, versions prior to 23.1
Oracle GoldenGate Application Adapters, versions prior to 23.1
Oracle GoldenGate Big Data and Application Adapters, versions prior to 23.1
Oracle GraalVM Enterprise Edition, versions 20.3.5, 21.3.1, 22.0.0.2
Oracle Health Sciences Empirica Signal, versions 9.1.0.6, 9.2.0.0
Oracle Health Sciences InForm, versions 6.2.1.1, 6.3.2.1, 7.0.0.0
Oracle Health Sciences InForm Publisher, versions 6.2.1.1, 6.3.1.1
Oracle Health Sciences Information Manager, versions 3.0.1-3.0.4
Oracle Healthcare Data Repository, versions 8.1.0, 8.1.1
Oracle Healthcare Foundation, versions 7.3.0.1-7.3.0.4
Oracle Healthcare Master Person Index, version 5.0.1
Oracle Healthcare Translational Research, versions 4.1.0, 4.1.1
Oracle Hospitality Suite8, versions 8.10.2, 8.11.0-8.14.0
Oracle Hospitality Token Proxy Service, version 19.2
Oracle HTTP Server, versions 12.2.1.3.0, 12.2.1.4.0
Oracle Hyperion BI+, versions prior to 11.2.8.0
Oracle Hyperion Calculation Manager, versions prior to 11.2.8.0
Oracle Hyperion Data Relationship Management, versions prior to 11.2.9.0
Oracle Hyperion Financial Management, versions prior to 11.2.8.0
Oracle Hyperion Infrastructure Technology, versions prior to 11.2.8.0
Oracle Hyperion Planning, versions prior to 11.2.8.0
Oracle Hyperion Profitability and Cost Management, versions prior to 11.2.8.0
Oracle Hyperion Tax Provision, versions prior to 11.2.8.0
Oracle Identity Management Suite, versions 12.2.1.3.0, 12.2.1.4.0
Oracle Identity Manager Connector, versions 9.1.0, 11.1.1.5.0
Oracle iLearning, versions 6.2, 6.3
Oracle Insurance Data Gateway, version 1.0.1
Oracle Insurance Insbridge Rating and Underwriting, versions 5.2.0, 5.4.0-5.6.0, 5.6.1
Oracle Insurance Policy Administration, versions 11.0.2, 11.1.0, 11.2.8, 11.3.0, 11.3.1
Oracle Insurance Rules Palette, versions 11.0.2, 11.1.0, 11.2.8, 11.3.0, 11.3.1
Oracle Internet Directory, versions 12.2.1.3.0, 12.2.1.4.0
Oracle Java SE, versions 7u331, 8u321, 11.0.14, 17.0.2, 18
Oracle JDeveloper, versions 12.2.1.3.0, 12.2.1.4.0
Oracle Managed File Transfer, versions 12.2.1.3.0, 12.2.1.4.0
Oracle Middleware Common Libraries and Tools, version 12.2.1.4.0
Oracle NoSQL Database
Oracle Outside In Technology, version 8.5.5
Oracle Payment Interface, versions 19.1, 20.3
Oracle Product Lifecycle Analytics, version 3.6.1.0
Oracle REST Data Services, versions prior to 21.2
Oracle Retail Bulk Data Integration, version 16.0.3
Oracle Retail Customer Insights, versions 15.0.2, 16.0.2
Oracle Retail Customer Management and Segmentation Foundation, versions 17.0-19.0
Oracle Retail Data Extractor for Merchandising, versions 15.0.2, 16.0.2
Oracle Retail EFTLink, versions 17.0.2, 18.0.1, 19.0.1, 20.0.1, 21.0.0
Oracle Retail Extract Transform and Load, version 13.2.8
Oracle Retail Financial Integration, versions 14.1.3.2, 15.0.3.1, 16.0.1-16.0.3, 19.0.0, 19.0.1
Oracle Retail Integration Bus, versions 14.1.3.2, 15.0.3.1, 16.0.1-16.0.3, 19.0.0, 19.0.1
Oracle Retail Invoice Matching, version 16.0.3
Oracle Retail Merchandising System, versions 16.0.3, 19.0.1
Oracle Retail Service Backbone, versions 14.1.3.2, 15.0.3.1, 16.0.1-16.0.3, 19.0.0, 19.0.1
Oracle Retail Store Inventory Management, versions 14.0.4.13, 14.1.3.5, 14.1.3.14, 15.0.3.3, 15.0.3.8, 16.0.3.7
Oracle Retail Xstore Office Cloud Service, versions 16.0.6, 17.0.4, 18.0.3, 19.0.2, 20.0.1
Oracle Retail Xstore Point of Service, versions 16.0.6, 17.0.4, 18.0.3, 19.0.2, 20.0.1, 21.0.0
Oracle SD-WAN Edge, versions 9.0, 9.1
Oracle Secure Backup
Oracle Secure Global Desktop, version 5.6
Oracle Solaris, version 11
Oracle Solaris Cluster, version 4
Oracle SQL Developer, versions prior to 21.99
Oracle StorageTek ACSLS, version 8.5.1
Oracle StorageTek Tape Analytics (STA), version 2.4
Oracle Taleo Platform, versions prior to 22.1
Oracle Transportation Management, versions 6.4.3, 6.5.1
Oracle Tuxedo, version 12.2.2.0.0
Oracle Utilities Framework, versions 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0
Oracle VM VirtualBox, versions prior to 6.1.34
Oracle Web Services Manager, versions 12.2.1.3.0, 12.2.1.4.0
Oracle WebCenter Portal, versions 12.2.1.3.0, 12.2.1.4.0
Oracle WebCenter Sites, versions 12.2.1.3.0, 12.2.1.4.0
Oracle WebLogic Server, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
Oracle ZFS Storage Appliance Kit, version 8.8
OSS Support Tools, versions 2.12.42, 18.3
PeopleSoft Enterprise CS Academic Advisement, version 9.2
PeopleSoft Enterprise FIN Cash Management, version 9.2
PeopleSoft Enterprise PeopleTools, versions 8.58, 8.59
PeopleSoft Enterprise PRTL Interaction Hub, version 9.1
Primavera Unifier, versions 17.7-17.12, 18.8, 19.12, 20.12, 21.12
The exact specification of the individual affected products can be found at:
https://www.oracle.com/security-alerts/cpuapr2022.html
Impact
Execution of malicious code and complete compromise of the confidentiality, integrity and availability of the system
Recommendations
We recommend that administrators and users update the affected systems without delay.
After remediating vulnerabilities that could have allowed remote code execution, it is good practice to inspect the system and change all passwords and keys on the affected system, as well as on other systems where the same password or key was used.
Sources
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.cisa.gov/uscert/ncas/current-activity/2022/04/19/oracle-releases-april-2022-critical-patch-update
