Eyeon Security Information security company

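Security Advisories

Eyeon Security Co., Ltd. provides the following guidance on key security measures
that are essential for the stable operation of our service customers' systems.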

October 2020 Oracle Critical Patch Update Advisory
Administrator  2020-10-22 04:52:56

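□ Overview

 o Oracle has released its CPU, which patches 402 security vulnerabilities in its products [1]

 ※ CPU (Critical Patch Update): Oracle's critical security update

 o Users of affected versions may be exposed to malware infection and similar threats, so updating to the latest version as described under Remediation below is recommended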

 

□ Affected products and versions

Application Performance Management (APM), versions 13.3.0.0, 13.4.0.0

Big Data Spatial and Graph, versions prior to 3.0

Enterprise Manager Base Platform, versions 13.2.1.0, 13.3.0.0, 13.4.0.0

Enterprise Manager for Peoplesoft, version 13.4.1.1

Enterprise Manager for Storage Management, versions 13.3.0.0, 13.4.0.0

Enterprise Manager Ops Center, version 12.4.0.0

Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers, versions prior to XCP2362, prior to XCP3090

Fujitsu M12-1, M12-2, M12-2S Servers, versions prior to XCP3090

Hyperion Analytic Provider Services, version 11.1.2.4

Hyperion BI+, version 11.1.2.4

Hyperion Essbase, version 11.1.2.4

Hyperion Infrastructure Technology, version 11.1.2.4

Hyperion Lifecycle Management, version 11.1.2.4

Hyperion Planning, version 11.1.2.4

Identity Manager Connector, version 9.0

Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3

Management Pack for Oracle GoldenGate, version 12.2.1.2.0

MySQL Cluster, versions 7.3.30 and prior, 7.4.29 and prior, 7.5.19 and prior, 7.6.15 and prior, 8.0.21 and prior

MySQL Enterprise Monitor, versions 8.0.21 and prior

MySQL Server, versions 5.6.49 and prior, 5.7.31 and prior, 8.0.21 and prior

MySQL Workbench, versions 8.0.21 and prior

Oracle Access Manager, version 11.1.2.3.0

Oracle Agile PLM, versions 9.3.3, 9.3.5, 9.3.6

Oracle Agile Product Lifecycle Management for Process, version 6.2.0.0

Oracle Application Express, versions prior to 20.2

Oracle Application Testing Suite, version 13.3.0.1

Oracle Banking Corporate Lending, versions 12.3.0, 14.0.0-14.4.0

Oracle Banking Digital Experience, versions 18.1, 18.2, 18.3, 19.1, 19.2, 20.1

Oracle Banking Payments, versions 14.1.0-14.4.0

Oracle Banking Platform, versions 2.4.0-2.10.0

Oracle BI Publisher, versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0

Oracle Business Intelligence Enterprise Edition, versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0

Oracle Business Process Management Suite, versions 12.2.1.3.0, 12.2.1.4.0

Oracle Communications Application Session Controller, versions 3.8m0, 3.9m0p1

Oracle Communications Billing and Revenue Management, versions 7.5.0.23.0, 12.0.0.2.0, 12.0.0.3.0

Oracle Communications BRM - Elastic Charging Engine, versions 11.3.0.9.0, 12.0.0.3.0

Oracle Communications Diameter Signaling Router (DSR), versions 8.0.0.0-8.4.0.5, [IDIH] 8.0.0-8.2.2

Oracle Communications EAGLE Software, versions 46.6.0-46.8.2

Oracle Communications Element Manager, versions 8.2.0-8.2.2

Oracle Communications Evolved Communications Application Server, version 7.1

Oracle Communications Messaging Server, version 8.1

Oracle Communications Offline Mediation Controller, version 12.0.0.3.0

Oracle Communications Services Gatekeeper, version 7

Oracle Communications Session Border Controller, versions 8.2-8.4

Oracle Communications Session Report Manager, versions 8.2.0-8.2.2

Oracle Communications Session Route Manager, versions 8.2.0-8.2.2

Oracle Communications Unified Inventory Management, versions 7.3.0, 7.4.0

Oracle Communications WebRTC Session Controller, version 7.2

Oracle Data Integrator, versions 11.1.1.9.0, 12.2.1.3.0

Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c

Oracle E-Business Suite, versions 12.1.1-12.1.3, 12.2.3-12.2.10

Oracle Endeca Information Discovery Integrator, version 3.2.0

Oracle Endeca Information Discovery Studio, version 3.2.0

Oracle Enterprise Repository, version 11.1.1.7.0

Oracle Enterprise Session Border Controller, version 8.4

Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.6-8.1.0

Oracle Financial Services Analytical Applications Reconciliation Framework, versions 8.0.6-8.0.8, 8.1.0

Oracle Financial Services Asset Liability Management, versions 8.0.6, 8.0.7, 8.1.0

Oracle Financial Services Balance Sheet Planning, version 8.0.8

Oracle Financial Services Basel Regulatory Capital Basic, versions 8.0.6-8.0.8, 8.1.0

Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach, versions 8.0.6-8.0.8, 8.1.0

Oracle Financial Services Data Foundation, versions 8.0.6-8.1.0

Oracle Financial Services Data Governance for US Regulatory Reporting, versions 8.0.6-8.0.9

Oracle Financial Services Data Integration Hub, versions 8.0.6, 8.0.7, 8.1.0

Oracle Financial Services Funds Transfer Pricing, versions 8.0.6, 8.0.7, 8.1.0

Oracle Financial Services Hedge Management and IFRS Valuations, versions 8.0.6-8.0.8, 8.1.0

Oracle Financial Services Institutional Performance Analytics, versions 8.0.6, 8.0.7, 8.1.0, 8.7.0

Oracle Financial Services Liquidity Risk Management, version 8.0.6

Oracle Financial Services Liquidity Risk Measurement and Management, versions 8.0.7, 8.0.8, 8.1.0

Oracle Financial Services Loan Loss Forecasting and Provisioning, versions 8.0.6-8.0.8, 8.1.0

Oracle Financial Services Market Risk Measurement and Management, versions 8.0.6, 8.0.8, 8.1.0

Oracle Financial Services Price Creation and Discovery, versions 8.0.6, 8.0.7

Oracle Financial Services Profitability Management, versions 8.0.6, 8.0.7, 8.1.0

Oracle Financial Services Regulatory Reporting for European Banking Authority, versions 8.0.6-8.1.0

Oracle Financial Services Regulatory Reporting for US Federal Reserve, versions 8.0.6-8.0.9

Oracle Financial Services Regulatory Reporting with AgileREPORTER, version 8.0.9.2.0

Oracle Financial Services Retail Customer Analytics, version 8.0.6

Oracle FLEXCUBE Core Banking, versions 5.2.0, 11.5.0-11.7.0

Oracle FLEXCUBE Direct Banking, versions 12.0.1, 12.0.2, 12.0.3

Oracle FLEXCUBE Private Banking, versions 12.0.0, 12.1.0

Oracle FLEXCUBE Universal Banking, versions 12.3.0, 14.0.0-14.4.0

Oracle GoldenGate Application Adapters, versions 12.3.2.1.0, 19.1.0.0.0

Oracle GraalVM Enterprise Edition, versions 19.3.3, 20.2.0

Oracle Health Sciences Empirica Signal, version 9.0

Oracle Healthcare Data Repository, version 7.0.1

Oracle Healthcare Foundation, versions 7.1.1, 7.2.0, 7.2.1, 7.3.0

Oracle Hospitality Guest Access, versions 4.2.0, 4.2.1

Oracle Hospitality Materials Control, version 18.1

Oracle Hospitality OPERA 5 Property Services, versions 5.5, 5.6

Oracle Hospitality Reporting and Analytics, version 9.1.0

Oracle Hospitality RES 3700, version 5.7

Oracle Hospitality Simphony, versions 18.1, 18.2, 19.1.0-19.1.2

Oracle Hospitality Suite8, versions 8.10.2, 8.11-8.15

Oracle HTTP Server, versions 12.2.1.3.0, 12.2.1.4.0

Oracle Insurance Accounting Analyzer, version 8.0.9

Oracle Insurance Allocation Manager for Enterprise Profitability, versions 8.0.8, 8.1.0

Oracle Insurance Data Foundation, versions 8.0.6-8.1.0

Oracle Insurance Insbridge Rating and Underwriting, versions 5.0.0.0-5.6.0.0, 5.6.1.0

Oracle Insurance Policy Administration J2EE, versions 10.2.0.37, 10.2.4.12, 11.0.2.25, 11.1.0.15, 11.2.0.26, 11.2.2.0

Oracle Insurance Rules Palette, versions 10.2.0.37, 10.2.4.12, 11.0.2.25, 11.1.0.15, 11.2.0.26

Oracle Java SE, versions 7u271, 8u261, 11.0.8, 15

Oracle Java SE Embedded, version 8u261

Oracle JDeveloper, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0

Oracle Managed File Transfer, versions 12.2.1.3.0, 12.2.1.4.0

Oracle Outside In Technology, versions 8.5.4, 8.5.5

Oracle Policy Automation, versions 12.2.0-12.2.20

Oracle Policy Automation Connector for Siebel, version 10.4.6

Oracle Policy Automation for Mobile Devices, versions 12.2.0-12.2.20

Oracle REST Data Services, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c, [Standalone ORDS] prior to 20.2.1

Oracle Retail Advanced Inventory Planning, version 14.1

Oracle Retail Assortment Planning, versions 15.0.3.0, 16.0.3.0

Oracle Retail Back Office, versions 14.0, 14.1

Oracle Retail Bulk Data Integration, versions 15.0.3.0, 16.0.3.0

Oracle Retail Central Office, versions 14.0, 14.1

Oracle Retail Customer Management and Segmentation Foundation, versions 18.0, 19.0

Oracle Retail Integration Bus, versions 14.1, 15.0, 16.0

Oracle Retail Order Broker, versions 15.0, 16.0, 18.0, 19.0, 19.1, 19.2, 19.3

Oracle Retail Point-of-Service, versions 14.0, 14.1

Oracle Retail Predictive Application Server, versions 14.1.3.0, 15.0.3.0, 16.0.3.0

Oracle Retail Price Management, versions 14.0.4, 14.1.3.0, 15.0.3.0, 16.0.3.0

Oracle Retail Returns Management, versions 14.0, 14.1

Oracle Retail Service Backbone, versions 14.1, 15.0, 16.0

Oracle Retail Xstore Point of Service, versions 15.0.3, 16.0.5, 17.0.3, 18.0.2, 19.0.1

Oracle Solaris, versions 10, 11

Oracle TimesTen In-Memory Database, versions prior to 11.2.2.8.49, prior to 18.1.3.1.0, prior to 18.1.4.1.0

Oracle Transportation Management, version 6.3.7

Oracle Utilities Framework, versions 2.2.0.0.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0

Oracle VM VirtualBox, versions prior to 6.1.16

Oracle WebCenter Portal, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0

Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

Oracle ZFS Storage Appliance Kit, version 8.8

PeopleSoft Enterprise HCM Global Payroll Core, version 9.2

PeopleSoft Enterprise PeopleTools, versions 8.56, 8.57, 8.58

PeopleSoft Enterprise SCM eSupplier Connection, version 9.2

Primavera Gateway, versions 16.2.0-16.2.11, 17.12.0-17.12.8

Primavera Unifier, versions 16.1, 16.2, 17.7-17.12, 18.8, 19.12

Siebel Applications, versions 20.7, 20.8


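□ Remediation
 o Review the "Oracle Critical Patch Update Advisory - October 2020" document and its patch details, then apply the patches after consulting and reviewing with the vendor and your maintenance provider [1]
 o Java SE users are advised to download [2] and install the latest update for their installed product, or to enable automatic Java update notifications [3]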

□ Other inquiries
 o Korea Internet & Security Agency (KISA) Cyber Complaint Center: dial 118 (no area code)
 
[References]
[1] https://www.oracle.com/security-s/cpuoct2020.html
[2] http://www.oracle.com/technetwork/java/javase/downloads/index.html
[3] https://www.java.com/ko/download/help/java_update.xml
