اصلاح 433 آسیب پذیری در محصولات مختلف اوراکل

On
seyyid
زمان مطالعه: 7 دقیقه

اوراکل بروزرسانی سه ماهه خودش رو منتشر کرده و در اون 433 آسیب پذیری رو اصلاح کرده. از این آسیب پذیری ها بیش از 70 موردش بحرانی هستش.

از بین این آسیب پذیری ها ، تقریبا 250 موردش از راه دور و بدون احراز هویت قابلیت اکسپلویت دارن و برخی از آسیب پذیری ها روی چندین محصول تاثیر میزارن.

در بروزرسانی های سه ماهه اوراکل ، محصول Oracle Communications برای سومین بروزرسانی متوالی ، با 77 مورد، آسیب پذیرترین محصول این کمپانی بوده. از این تعداد ، 65 موردش از راه دور و بدون احراز هویت قابل اکسپلویت هستش و 27 مورد شدت بحرانی داره.

Financial Services Applications با 76 مورد آسیب پذیری رتبه دوم داره. از این تعداد 59 موردش از راه دور و بدون احراز هویت، قابلیت اکسپلویت دارن.

محصول Fusion Middleware هم 49 اصلاحیه رو داشته که 44 موردش بدون احراز هویت و از راه دور قابل اکسپلویت هستش.

 

 

جدول زیر محصولات آسیب پذیر، تعداد آسیب پذیری و تعداد آسیب پذیری هایی که قابلیت اکسپلویت از راه دور و بدون احراز هویت رو برای مهاجم امکانپذیر میکنن رو نشون میده :

 

محصول آسیب پذیر تعداد آسیب پذیری امکان اکسپلویت از راه دور و بدون احراز هویت
Oracle Database Server 5 0
Oracle Blockchain Platform 7 5
Oracle Essbase 4 4
Oracle GoldenGate 2 1
Oracle Graph Server and Client 1 0
Oracle NoSQL Database 1 0
Oracle REST Data Services 1 0
Oracle SQL Developer 2 1
Oracle Commerce 6 6
Oracle Communications Applications 18 13
Oracle Communications 77 65
Oracle Construction and Engineering 4 3
Oracle E-Business Suite 4 0
Oracle Enterprise Manager 4 3
Oracle Financial Services Applications 76 59
Oracle Fusion Middleware 49 44
Oracle Analytics 20 12
Oracle Health Sciences Applications 10 3
Oracle HealthCare Applications 10 8
Oracle Hospitality Applications 1 0
Oracle Hyperion 2 1
Oracle iLearning 3 2
Oracle Insurance Applications 9 9
Oracle Java SE 8 7
Oracle JD Edwards 14 8
Oracle MySQL 34 11
Oracle PeopleSoft 10 8
Oracle Retail Applications 22 16
Oracle Siebel CRM 6 3
Oracle Agile PLM 2 2
Oracle Solaris 6 0
Oracle Utilities Applications 4 3
Oracle VM VirtualBox 11 1

 

 

جدول زیر هم کل محصولات و نسخه های تحت تاثیر رو نشون میده :

Affected Products and Versions Patch Availability Document
JD Edwards EnterpriseOne Orchestrator, versions prior to 9.2.7.3 JD Edwards
JD Edwards EnterpriseOne Tools, versions prior to 9.2.7.3 JD Edwards
JD Edwards World Security, version A9.4 JD Edwards
Management Cloud Engine, version 22.1.0.0.0 Management Cloud Engine
MySQL Cluster, versions 7.5.29 and prior, 7.6.25 and prior, 8.0.32 and prior MySQL
MySQL Connectors, versions 8.0.32 and prior MySQL
MySQL Enterprise Monitor, versions 8.0.33 and prior MySQL
MySQL Server, versions 5.7.41 and prior, 8.0.32 and prior MySQL
MySQL Workbench, versions 8.0.32 and prior MySQL
Oracle Access Manager, version 12.2.1.4.0 Fusion Middleware
Oracle Agile PLM, version 9.3.6 Oracle Supply Chain Products
Oracle Application Testing Suite, version 13.3.0.1 Oracle Enterprise Manager
Oracle Argus Insight, versions prior to 8.2.3 Health Sciences
Oracle Argus Safety, versions prior to 8.2.3 Health Sciences
Oracle Banking APIs, versions 18.2, 18.3, 19.1, 19.2, 21.1, 22.1, 22.2 Contact Support
Oracle Banking Corporate Lending, versions 14.0-14.3, 14.5-14.7 Contact Support
Oracle Banking Corporate Lending Process Management, versions 14.4-14.7 Contact Support
Oracle Banking Digital Experience, versions 18.2, 18.3, 19.1, 19.2, 21.1, 22.1, 22.2 Contact Support
Oracle Banking Payments, versions 14.5, 14.6, 14.7 Contact Support
Oracle Banking Trade Finance, versions 14.5, 14.6, 14.7 Contact Support
Oracle Banking Treasury Management, versions 14.5, 14.6, 14.7 Contact Support
Oracle Banking Virtual Account Management, versions 14.5, 14.6, 14.7 Contact Support
Oracle BI Publisher, versions 6.4.0.0.0, 12.2.1.4.0 Oracle Analytics
Oracle Big Data Spatial and Graph, versions prior to 23.1 Database
Oracle Blockchain Platform, versions prior to 21.1.3 Oracle Blockchain Platform
Oracle Business Intelligence Enterprise Edition, versions 5.9.0.0.0, 6.4.0.0.0, 12.2.1.4.0 Oracle Analytics
Oracle Business Process Management Suite, version 12.2.1.4.0 Fusion Middleware
Oracle Clinical Remote Data Capture, version 5.4.0.2 Health Sciences
Oracle Coherence, versions 12.2.1.4.0, 14.1.1.0.0 Fusion Middleware
Oracle Commerce Guided Search, version 11.3.2 Oracle Commerce
Oracle Commerce Platform, versions 11.3.0, 11.3.1, 11.3.2 Oracle Commerce
Oracle Communications Cloud Native Configuration Console, versions 22.4.1, 23.1.0 Oracle Communications Cloud Native Core Console
Oracle Communications Cloud Native Core Automated Test Suite, versions 22.3.1, 22.4.0 Oracle Communications Cloud Native Core Automated Test Suite
Oracle Communications Cloud Native Core Binding Support Function, versions 22.4.0-22.4.4, 23.1.0-23.1.1 Oracle Communications Cloud Native Core Binding Support Function
Oracle Communications Cloud Native Core Console, versions 22.3.0, 22.4.0 Oracle Communications Cloud Native Core Console
Oracle Communications Cloud Native Core Network Exposure Function, versions 22.4.2, 23.1.0 Oracle Communications Cloud Native Core Network Exposure Function
Oracle Communications Cloud Native Core Network Function Cloud Native Environment, version 22.4.0 Oracle Communications Cloud Native Core Network Function Cloud Native Environment
Oracle Communications Cloud Native Core Network Repository Function, version 23.1.0 Oracle Communications Cloud Native Core Network Repository Function
Oracle Communications Cloud Native Core Policy, versions 22.4.0-22.4.4, 23.1.0-23.1.1 Oracle Communications Cloud Native Core Policy
Oracle Communications Cloud Native Core Security Edge Protection Proxy, versions 22.4.0, 22.4.1, 22.4.2, 23.1.0 Oracle Communications Cloud Native Core Security Edge Protection Proxy
Oracle Communications Cloud Native Core Service Communication Proxy, versions 22.3.0, 22.4.0 Oracle Communications Cloud Native Core Service Communication Proxy
Oracle Communications Cloud Native Core Unified Data Repository, versions 22.4.1, 23.1.0 Oracle Communications Cloud Native Core Unified Data Repository
Oracle Communications Convergent Charging Controller, versions 6.0.1.0.0, 12.0.1.0.0-12.0.6.0.0 Oracle Communications Convergent Charging Controller
Oracle Communications Core Session Manager, versions 8.45, 9.15 Oracle Communications Core Session Manager
Oracle Communications Diameter Signaling Router, version 8.6.0.0 Oracle Communications Diameter Signaling Router
Oracle Communications Element Manager, versions 9.0.0, 9.0.1 Oracle Communications Element Manager
Oracle Communications IP Service Activator, versions 7.4.0, 7.5.0 Oracle Communications IP Service Activator
Oracle Communications Network Charging and Control, versions 6.0.1.0.0, 12.0.1.0.0-12.0.6.0.0 Oracle Communications Network Charging and Control
Oracle Communications Operations Monitor, version 5.0 Oracle Communications Operations Monitor
Oracle Communications Order and Service Management, version 7.4.1 Oracle Communications Order and Service Management
Oracle Communications Policy Management, version 12.6.0.0.0 Oracle Communications Policy Management
Oracle Communications Services Gatekeeper, version 7.0.0.0.0 Oracle Communications Services Gatekeeper
Oracle Communications Session Border Controller, versions 9.0, 9.1 Oracle Communications Session Border Controller
Oracle Communications Session Report Manager, versions 9.0.0, 9.0.1 Oracle Communications Session Report Manager
Oracle Communications Session Router, versions 9.0, 9.1 Oracle Communications Session Router
Oracle Communications Subscriber-Aware Load Balancer, versions 9.0, 9.1 Oracle Communications Subscriber-Aware Load Balancer
Oracle Communications Unified Assurance, versions 5.5.0-5.5.10, 6.0.0-6.0.2 Oracle Communications Unified Assurance
Oracle Communications Unified Inventory Management, versions 7.4.0, 7.4.1, 7.4.2, 7.5.0 Oracle Communications Unified Inventory Management
Oracle Communications User Data Repository, version 12.6.1.0.0 Oracle Communications User Data Repository
Oracle Data Integrator, version 12.2.1.4.0 Fusion Middleware
Oracle Database Server, versions 19c, 21c Database
Oracle Documaker, versions 12.6.0.0.0, 12.6.2.0.0-12.6.4.0.0, 12.7.0.0.0, 12.7.1.0.0 Oracle Insurance Applications
Oracle E-Business Suite, versions 12.2.3-12.2.12 Oracle E-Business Suite
Oracle Enterprise Communications Broker, versions 3.3, 4.0 Oracle Enterprise Communications Broker
Oracle Enterprise Manager Ops Center, version 12.4.0.0 Oracle Enterprise Manager
Oracle Enterprise Session Router, version 9.1 Oracle Enterprise Session Router
Oracle Essbase, version 21.4 Database
Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.7.0, 8.0.8.0, 8.0.9.0, 8.1.0.0, 8.1.1.0, 8.1.2.0, 8.1.2.1, 8.1.2.2 Oracle Financial Services Analytical Applications Infrastructure
Oracle Financial Services Analytical Applications Reconciliation Framework, versions 8.0.7.1.2, 8.1.1.1.7 Oracle Financial Services Analytical Applications Reconciliation Framework
Oracle Financial Services Asset Liability Management, version 8.0.7.8.0 Oracle Financial Services Asset Liability Management
Oracle Financial Services Balance Computation Engine, version 8.1.1.1.1 Oracle Financial Services Balance Computation Engine
Oracle Financial Services Balance Sheet Planning, version 8.0.8.1.4 Oracle Financial Services Balance Sheet Planning
Oracle Financial Services Behavior Detection Platform, versions 8.0.8.1, 8.1.1.1, 8.1.2.3, 8.1.2.4 Oracle Financial Services Behavior Detection Platform
Oracle Financial Services Compliance Studio, version 8.1.2.4 Oracle Financial Services Compliance Studio
Oracle Financial Services Crime and Compliance Management Studio, version 8.0.8.3.5 Oracle Financial Services Crime and Compliance Management Studio
Oracle Financial Services Currency Transaction Reporting, versions 8.0.8.1.0, 8.1.1.1.0, 8.1.2.3.0, 8.1.2.4.1 Oracle Financial Services Currency Transaction Reporting
Oracle Financial Services Data Governance for US Regulatory Reporting, versions 8.1.2.0, 8.1.2.1 Oracle Financial Services Data Governance for US Regulatory Reporting
Oracle Financial Services Data Integration Hub, versions 8.0.7.3.1, 8.1.0.1.4, 8.1.2.2.1 Oracle Financial Services Data Integration Hub
Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management, versions 8.0.7.3.1, 8.0.8.3.1 Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management
Oracle Financial Services Enterprise Case Management, versions 8.0.8.2, 8.1.1.1, 8.1.2.3, 8.1.2.4 Oracle Financial Services Enterprise Case Management
Oracle Financial Services Enterprise Financial Performance Analytics, version 8.0.7.8.1 Oracle Financial Services Enterprise Financial Performance Analytics
Oracle Financial Services Funds Transfer Pricing, version 8.0.7.8.1 Oracle Financial Services Funds Transfer Pricing
Oracle Financial Services Institutional Performance Analytics, version 8.0.7.8.1 Oracle Financial Services Institutional Performance Analytics
Oracle Financial Services Liquidity Risk Measurement and Management, versions 8.0.7.3.1, 8.0.8.3.1 Oracle Financial Services Liquidity Risk Measurement and Management
Oracle Financial Services Loan Loss Forecasting and Provisioning, versions 8.0.7.8.1, 8.0.8.2.1 Oracle Financial Services Hedge Management and IFRS Valuations
Oracle Financial Services Model Management and Governance, versions 8.1.0.0, 8.1.2.0 Oracle Financial Services Model Management and Governance
Oracle Financial Services Profitability Management, version 8.0.7.8.1 Oracle Financial Services Profitability Management
Oracle Financial Services Regulatory Reporting, versions 8.0.8.1, 8.1.1.1, 8.1.2.3, 8.1.2.4 Oracle Financial Services Regulatory Reporting
Oracle Financial Services Regulatory Reporting with AgileREPORTER, version 8.1.1.2.0 Oracle Financial Services Regulatory Reporting with AgileREPORTER
Oracle Financial Services Retail Performance Analytics, version 8.0.7.8.1 Oracle Financial Services Retail Performance Analytics
Oracle Financial Services Revenue Management and Billing, versions 2.7, 2.7.1, 2.8, 2.9, 2.9.1, 3.0, 3.1, 3.2, 4.0 Oracle Financial Services Revenue Management and Billing
Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition, version 8.0.8.0.0 Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
Oracle FLEXCUBE Core Banking, versions 11.6, 11.7, 11.8, 11.10, 11.11 Contact Support
Oracle FLEXCUBE Universal Banking, versions 14.0-14.3, 14.5-14.7 Contact Support
Oracle GoldenGate, versions prior to 19.1.0.0.230418, prior to 21.10.0.0.0 Database
Oracle GoldenGate Studio, version [Fusion Middleware] 12.2.1.4.0 Database
Oracle GraalVM Enterprise Edition, versions 20.3.8, 20.3.9, 21.3.4, 21.3.5, 22.3.0, 22.3.1 Java SE
Oracle Graph Server and Client, versions prior to 23.1.0, prior to 23.2.0 Database
Oracle Health Sciences InForm, versions prior to 6.3.1.3, prior to 7.0.0.1 Health Sciences
Oracle Healthcare Foundation, versions 8.1.0, 8.1.1, 8.2.0, 8.2.1, 8.2.2 HealthCare Applications
Oracle Healthcare Master Person Index, versions 5.0.0-5.0.4 HealthCare Applications
Oracle Healthcare Translational Research, versions 4.1.0, 4.1.1 HealthCare Applications
Oracle Hospitality OPERA 5 Property Services, version 5.6 Oracle Hospitality OPERA 5 Property Services
Oracle HTTP Server, version 12.2.1.4.0 Fusion Middleware
Oracle Hyperion Financial Reporting, version 11.2.12 Oracle Enterprise Performance Management
Oracle Hyperion Infrastructure Technology, version 11.2.12 Oracle Enterprise Performance Management
Oracle Identity Manager, version 12.2.1.4.0 Fusion Middleware
Oracle iLearning, version 6.3.1 iLearning
Oracle Insurance Policy Administration Operational Data Store for Life and Annuity, version 1.0.1.8 Oracle Insurance Applications
Oracle Java SE, versions 8u361, 8u361-perf, 11.0.18, 17.0.6, 20 Java SE
Oracle JDeveloper, version 12.2.1.4.0 Fusion Middleware
Oracle Managed File Transfer, version 12.2.1.4.0 Fusion Middleware
Oracle Middleware Common Libraries and Tools, version 12.2.1.4.0 Fusion Middleware
Oracle NoSQL Database, versions prior to 19.5.32 NoSQL Database
Oracle Outside In Technology, version 8.5.6 Fusion Middleware
Oracle REST Data Services, versions prior to 23.1.0 Database
Oracle Retail Customer Management and Segmentation Foundation, versions 18.0.0.12, 19.0.0.6 Retail Applications
Oracle Retail Fiscal Management, version 14.2 Retail Applications
Oracle Retail Invoice Matching, versions 15.0.3, 16.0.3 Retail Applications
Oracle Retail Merchandising System, versions 15.0.3.1, 16.0.2, 16.0.3 Retail Applications
Oracle Retail Predictive Application Server, versions 15.0.3, 16.0.3 Retail Applications
Oracle Retail Price Management, versions 14.1.3.2, 15.0.3.1, 16.0.3 Retail Applications
Oracle Retail Sales Audit, version 15.0.3.1 Retail Applications
Oracle Retail Xstore Office Cloud Service, versions 18.0.5, 19.0.4, 20.0.3, 21.0.2 Retail Applications
Oracle Retail Xstore Point of Service, versions 17.0.6, 18.0.5, 19.0.4, 20.0.3, 21.0.2 Retail Applications
Oracle SD-WAN Aware, version 9.0.1.6.0 Oracle SD-WAN Aware
Oracle SD-WAN Edge, versions 9.1.1.3.0, 9.1.1.4.0 Oracle SD-WAN Edge
Oracle SOA Suite, version 12.2.1.4.0 Fusion Middleware
Oracle Solaris, versions 10, 11 Systems
Oracle SQL Developer, versions prior to 22.4.0, prior to 23.1.0 Database
Oracle TimesTen In-Memory Database, versions prior to 22.1.1.7.0 Database
Oracle Utilities Application Framework, versions 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0 Oracle Utilities Applications
Oracle Utilities Network Management System, versions 2.3.0.2, 2.4.0.1, 2.5.0.0, 2.5.0.1, 2.5.0.2 Oracle Utilities Applications
Oracle VM VirtualBox, versions prior to 6.1.44, prior to 7.0.8 Virtualization
Oracle WebCenter Portal, version 12.2.1.4.0 Fusion Middleware
Oracle WebCenter Sites, version 12.2.1.4.0 Fusion Middleware
Oracle WebLogic Server, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 Fusion Middleware
PeopleSoft Enterprise HCM Human Resources, version 9.2 PeopleSoft
PeopleSoft Enterprise PeopleTools, versions 8.58, 8.59, 8.60 PeopleSoft
Primavera P6 Enterprise Project Portfolio Management, versions 18.8.0-18.8.26, 19.12.0-19.12.21, 20.12.0-20.12.18, 21.12.0-21.12.12, 22.12.0-22.12.3 Oracle Construction and Engineering Suite
Primavera Unifier, versions 18.8.0-18.8.18, 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.14, 22.12.0-22.12.3 Oracle Construction and Engineering Suite
Siebel Applications, versions 21.10 and prior, 22.10 and prior, 23.3 and prior Siebel

 

منبع

 

 

دیدگاهتان را بنویسید

نشانی ایمیل شما منتشر نخواهد شد. بخش‌های موردنیاز علامت‌گذاری شده‌اند *

پست های مرتبط

seyyid
On

نگاه هفتگی به حملات منتشر شده در دارک وب – 6 تا 12 تیر

seyyid
On

سیسکو با خرید 28 میلیارد دلاری اسپلانک، وارد SIEM میشه

seyyid
On

هک سایتهای وردپرسی با Balada Injector

seyyid
On

استفاده از Cisco AnyConnect Client برای اجرای پیلود