□ 개요 o 오라클社 CPU에서 자사 제품의 보안 취약점 349개에 대한 패치 발표 [1] ※ CPU(Critical Patch Update) : 오라클 중요 보안 업데이트 o 영향받는 버전의 사용자는 악성코드 감염 등에 취약할 수 있으므로, 아래 해결 방안에 따라 최신 버전으로 업데이트 권고
□ 영향받는 제품 및 버전 영향받는 제품 | 패치 관련 문서 |
---|
Autonomous Health Framework | Oracle Autonomous Health Framework | Big Data Spatial and Graph, versions prior to 23.1 | Data | Enterprise Manager Base Platform, versions 13.4.0.0, 13.5.0.0 | Enterprise Manager | Enterprise Manager for MySQL Data | Enterprise Manager | Enterprise Manager Ops Center, version 12.4.0.0 | Enterprise Manager | JD Edwards EnterpriseOne Orchestrator, versions 9.2.6.3 and prior | JD Edwards | JD Edwards EnterpriseOne Tools, versions 9.2.6.3 and prior | JD Edwards | MySQL Cluster, versions 7.4.36 and prior, 7.5.26 and prior, 7.6.22 and prior, 8.0.29 and prior, and8.0.29 and prior | MySQL | MySQL Enterprise Monitor, versions 8.0.30 and prior | MySQL | MySQL Server, versions 5.7.38 and prior, 8.0.29 and prior | MySQL | MySQL Shell, versions 8.0.28 and prior | MySQL | MySQL Shell for VS Code, versions 1.1.8 and prior | MySQL | MySQL Workbench, versions 8.0.29 and prior | MySQL | Oracle Agile Engineering Data Management, version 6.2.1.0 | Oracle Supply Chain Products | Oracle Agile PLM, version 9.3.6 | Oracle Supply Chain Products | Oracle Agile Product Lifecycle Management for Process, versions 6.2.2, 6.2.3 | Oracle Supply Chain Products | Oracle Application Express, versions prior to 22.1.1 | Data | Oracle Application Testing Suite, version 13.3.0.1 | Enterprise Manager | Oracle Autovue for Agile Product Lifecycle Management, version 21.0.2 | Oracle Supply Chain Products | Oracle Banking Branch, version 14.5 | Contact Support | Oracle Banking Cash Management, version 14.5 | Contact Support | Oracle Banking Corporate Lending Process Management, version 14.5 | Contact Support | Oracle Banking Credit Facilities Process Management, version 14.5 | Contact Support | Oracle Banking Deposits and Lines of Credit Servicing, version 2.7 | Contact Support | Oracle Banking Electronic Data Exchange for Corporates, version 14.5 | Contact Support | Oracle Banking Liquidity Management, versions 14.2, 14.5 | Contact Support | Oracle Banking Origination, version 14.5 | Contact Support | Oracle Banking Party Management, version 2.7 | Oracle Banking Platform | Oracle Banking Platform, versions 2.6.2, 2.9, 2.12 | Oracle Banking Platform | Oracle Banking Supply Chain Finance, version 14.5 | Contact Support | Oracle Banking Trade Finance, version 14.5 | Contact Support | Oracle Banking Trade Finance Process Management, version 14.5 | Contact Support | Oracle Banking Virtual Account Management, version 14.5 | Contact Support | Oracle Berkeley DB | Berkeley DB | Oracle BI Publisher, versions 12.2.1.3.0, 12.2.1.4.0 | Oracle Analytics | Oracle Blockchain Platform | Oracle Blockchain Platform | Oracle Business Intelligence Enterprise Edition, version 5.9.0.0.0 | Oracle Analytics | Oracle Coherence, versions 3.7.1.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | Fusion Middleware | Oracle Commerce Guided Search, version 11.3.2 | Oracle Commerce | Oracle Commerce Merchandising, version 11.3.2 | Oracle Commerce | Oracle Commerce Platform, versions 11.3.0, 11.3.1, 11.3.2 | Oracle Commerce | Oracle Communications ASAP, version 7.3 | Oracle Communications ASAP | Oracle Communications Billing and Revenue Management, versions 12.0.0.4.0-12.0.0.6.0 | Oracle Communications Billing and Revenue Management | Oracle Communications BRM - Elastic Charging Engine, versions prior to 12.0.0.4.6, prior to 12.0.0.5.1 | Oracle Communications BRM - Elastic Charging Engine | Oracle Communications Cloud Native Core Binding Support Function, versions 22.1.3, 22.2.0 | Oracle Communications Cloud Native Core Binding Support Function | Oracle Communications Cloud Native Core Console, versions 22.1.2, 22.2.0 | Oracle Communications Cloud Native Core Console | Oracle Communications Cloud Native Core Network Exposure Function, version 22.1.1 | Oracle Communications Cloud Native Core Network Exposure Function | Oracle Communications Cloud Native Core Network Function Cloud Native Environment, versions 22.1.0, 22.1.2, 22.2.0 | Oracle Communications Cloud Native Core Network Function Cloud Native Environment | Oracle Communications Cloud Native Core Network Repository Function, versions 22.1.2, 22.2.0 | Oracle Communications Cloud Native Core Network Repository Function | Oracle Communications Cloud Native Core Network Slice Selection Function, version 22.1.1 | Oracle Communications Cloud Native Core Network Slice Selection Function | Oracle Communications Cloud Native Core Policy, versions 22.1.3, 22.2.0 | Oracle Communications Cloud Native Core Policy | Oracle Communications Cloud Native Core Security Edge Protection Proxy, version 22.1.1 | Oracle Communications Cloud Native Core Security Edge Protection Proxy | Oracle Communications Cloud Native Core Service Communication Proxy, version 22.2.0 | Oracle Communications Cloud Native Core Service Communication Proxy | Oracle Communications Cloud Native Core Unified Data Repository, version 22.2.0 | Oracle Communications Cloud Native Core Unified Data Repository | Oracle Communications Core Session Manager, versions 8.2.5, 8.4.5 | Oracle Communications Core Session Manager | Oracle Communications Design Studio, version 7.4.2 | Oracle Communications Design Studio | Oracle Communications Instant Messaging Server, version 10.0.1.5.0 | Oracle Communications Instant Messaging Server | Oracle Communications IP Service Activator | Oracle Communications IP Service Activator | Oracle Communications Offline Mediation Controller, versions prior to 12.0.0.4.4, prior to 12.0.0.5.1 | Oracle Communications Offline Mediation Controller | Oracle Communications Operations Monitor, versions 4.3, 4.4, 5.0 | Oracle Communications Operations Monitor | Oracle Communications Session Border Controller, versions 8.4, 9.0, 9.1 | Oracle Communications Session Border Controller | Oracle Communications Unified Inventory Management, versions 7.4.1, 7.4.2, 7.5.0 | Oracle Communications Unified Inventory Management | Oracle Communications Unified Session Manager, version 8.2.5 | Oracle Communications Unified Session Manager | Oracle Crystal Ball, versions 11.1.2.0.0-11.1.2.4.900 | Oracle Construction and Engineering Suite | Oracle Data Integrator | Fusion Middleware | Oracle Data Server, versions 12.1.0.2, 19c, 21c | Data | Oracle E-Business Suite, versions 12.2.3-12.2.11 | Oracle E-Business Suite | Oracle Enterprise Communications Broker, version 3.3 | Oracle Enterprise Communications Broker | Oracle Enterprise Operations Monitor, versions 4.3, 4.4, 5.0 | Oracle Enterprise Operations Monitor | Oracle Enterprise Session Border Controller, versions 8.4, 9.0, 9.1 | Oracle Enterprise Session Border Controller | Oracle Ess, version 21.3 | Data | Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.7.0-8.1.0.0, 8.1.1.0, 8.1.2.0, 8.1.2.1 | Oracle Financial Services Analytical Applications Infrastructure | Oracle Financial Services Behavior Detection Platform, versions 8.0.7.0, 8.0.8.0, 8.1.1.0-8.1.2.1 | Oracle Financial Services Behavior Detection Platform | Oracle Financial Services Crime and Compliance Management Studio, versions 8.0.8.2.0, 8.0.8.3.0 | Oracle Financial Services Crime and Compliance Management Studio | Oracle Financial Services Enterprise Case Management, versions 8.0.7.1, 8.0.7.2, 8.0.8.0, 8.0.8.1, 8.1.1.0-8.1.2.1 | Oracle Financial Services Enterprise Case Management | Oracle Financial Services Revenue Management and Billing, versions 2.9.0.0.0, 2.9.0.1.0, 3.0.0.0.0-3.2.0.0.0, 4.0.0.0.0 | Oracle Financial Services Revenue Management and Billing | Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition, versions 8.0.7.0, 8.0.8.0 | Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition | Oracle FLEXCUBE Core Banking, versions 5.2, 11.6-11.8, 11.10 | Contact Support | Oracle FLEXCUBE Private Banking, version 12.1 | Contact Support | Oracle FLEXCUBE Universal Banking, versions 12.1-12.4, 14.0-14.3, 14.5 | Contact Support | Oracle Global Lifecycle Management NextGen OUI Framework, versions prior to 13.9.4.2.10 | Fusion Middleware | Oracle Global Lifecycle Management OPatch, versions prior to 12.2.0.1.30 | Global Lifecycle Management | Oracle GoldenGate, versions [19c] prior to 19.1.0.0.220719, [21c] prior to 21.7.0.0.0 | Data | Oracle GraalVM Enterprise Edition, versions 20.3.6, 21.3.2, 22.1.0 | Java SE | Oracle Graph Server and Client, versions prior to 22.2.0 | Data | Oracle Health Sciences Data Management Workbench, versions 2.4.8.7, 2.5.2.1, 3.0.0.0, 3.1.0.3 | Health Sciences | Oracle Health Sciences Empirica Signal, versions 9.1.0.52, 9.2.0.52 | Health Sciences | Oracle Health Sciences Information Manager, versions 3.0.0.1, 3.0.1.0-3.0.5.0 | HealthCare Applications | Oracle Healthcare Foundation, versions 8.1.0, 8.2.0, 8.2.1 | HealthCare Applications | Oracle Hospitality Cruise Shipboard Property Management System, version 20.2.1 | Oracle Hospitality Cruise Shipboard Property Management System | Oracle Hospitality Inventory Management, version 9.1 | Oracle Hospitality Inventory Management | Oracle Hospitality Materials Control, version 18.1 | Oracle Hospitality Materials Control | Oracle Hospitality OPERA 5, version 5.6 | Oracle Hospitality OPERA 5 Property Services | Oracle HTTP Server, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware | Oracle Identity Management Suite | Fusion Middleware | Oracle Identity Manager Connector | Fusion Middleware | Oracle Java SE, versions 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1 | Java SE | Oracle Managed File Transfer, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware | Oracle Middleware Common Libraries and Tools, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware | Oracle NoSQL Data | NoSQL Data | Oracle Policy Automation, versions 12.2.0-12.2.25 | Oracle Policy Automation | Oracle Policy Automation for Mobile Devices, versions 12.2.0-12.2.24 | Oracle Policy Automation | Oracle Product Lifecycle Analytics, version 3.6.1 | Oracle Supply Chain Products | Oracle REST Data Services, versions prior to 22.1.1 | Data | Oracle Retail Allocation, versions 15.0.3.1, 16.0.3 | Retail Applications | Oracle Retail Bulk Data Integration, version 16.0.3 | Retail Applications | Oracle Retail Customer Insights, versions 15.0.2, 16.0.2 | Retail Applications | Oracle Retail Customer Management and Segmentation Foundation, versions 17.0, 18.0, 19.0 | Retail Applications | Oracle Retail Extract Transform and Load, version 13.2.5 | Retail Applications | Oracle Retail Financial Integration, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1 | Retail Applications | Oracle Retail Integration Bus, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1 | Retail Applications | Oracle Retail Merchandising System, versions 16.0.3, 19.0.1 | Retail Applications | Oracle Retail Order Broker, versions 18.0, 19.1 | Retail Applications | Oracle Retail Pricing, version 19.0.1 | Retail Applications | Oracle Retail Sales Audit, versions 15.0.3.1, 16.0.3 | Retail Applications | Oracle Retail Xstore Point of Service, versions 17.0.4, 18.0.3, 19.0.2, 20.0.1, 21.0.1 | Retail Applications | Oracle SD-WAN Edge, versions 9.0, 9.1 | Oracle SD-WAN Edge | Oracle Security Service, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware | Oracle SOA Suite, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware | Oracle Solaris, versions 10, 11 | Systems | Oracle Spatial Studio, versions prior to 22.1.0 | Data | Oracle SQL Developer | Data | Oracle Stream Analytics, versions [19c] prior to 19.1.0.0.6.4 | Data | Oracle TimesTen In-Memory Data, versions prior to 22.1.1.1.0 | Data | Oracle Transportation Management, version 1.4.4 | Oracle Supply Chain Products | Oracle Utilities Framework, versions 4.3.0.5.0, 4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0 | Oracle Utilities Applications | Oracle VM VirtualBox, versions prior to 6.1.36 | Virtualization | Oracle WebCenter Content, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware | Oracle WebCenter Portal, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware | Oracle WebCenter Sites Support Tools, versions prior to 4.4.2 | Fusion Middleware | Oracle WebLogic Server, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | Fusion Middleware | Oracle Weblogic Server Proxy Plug-in, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware | Oracle ZFS Storage Appliance Kit, version 8.8 | Systems | PeopleSoft Enterprise PeopleTools, versions 8.58, 8.59 | PeopleSoft | Primavera Gateway, versions 17.12.0-17.12.11, 18.8.0-18.8.14, 19.12.0-19.12.13, 20.12.0-20.12.8, 21.12.0-21.12.1 | Oracle Construction and Engineering Suite | Primavera P6 Enterprise Project Portfolio Management, versions 17.12.0.0-17.12.20.4, 18.8.0.0-18.8.25.4, 19.12.0.0-19.12.19.0, 20.12.0.0-20.12.14.0, 21.12.0.0-21.12.4.0 | Oracle Construction and Engineering Suite | Primavera Unifier, versions 17.7-17.12, 18.8, 19.12, 20.12, 21.12 | Oracle Construction and Engineering Suite | Siebel Applications, versions 22.6 and prior | Siebel |
□ 해결 방안 o "Oracle Critical Patch Update Advisory - July 2022“ 문서 및 패치 사항을 검토하고 벤더 사 및 유지보수 업체와 협의/검토 후 패치 적용 [1] o JAVA SE 사용자는 설치된 제품의 최신 업데이트를 다운로드[2] 받아 설치하거나, Java 업데이트 자동 알림 설정을 권고 [3]
□ 기타 문의사항 o 한국인터넷진흥원 사이버민원센터: 국번없이 118
[참고사이트] [1] https://www.oracle.com/security-s/cpujul2022.html [2] http://www.oracle.com/technetwork/java/javase/downloads/index.html [3] https://www.java.com/ko/download/help/java_update.html
|