CSIRT Panam\u00e1 Aviso 2022-01-19 Oracle: Actualizaciones cr\u00edticas en Oracle (enero 2022)<\/p>\n\n\n\n
Gravedad: Alta
Fecha de publicaci\u00f3n: Enero 19, 2022
\u00daltima revisi\u00f3n: Enero 19, 2022
Sitio web: https:\/\/ www.oracle.com
Sistemas Afectados:
\u2022 Agile Product Lifecycle Management Integration Pack para Oracle E-Business Suite, versi\u00f3n 3.6;
\u2022 Application Performance Management, versiones 13.4.1.0 y 13.5.1.0;
\u2022 Big Data Spatial and Graph, versiones anteriores a 23.1;
\u2022 Enterprise Manager Base Platform, versiones 13.4.0.0 y 13.5.0.0;
\u2022 Enterprise Manager Ops Center, versi\u00f3n 12.4.0.0;
\u2022 Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers, versiones anteriores a XCP2410, y XCP3110;
\u2022 Instantis EnterpriseTrack, versiones 17.1, 17.2 y 17.3;
\u2022 JD Edwards EnterpriseOne Tools, versiones anteriores a 9.2.6.1;
\u2022 MySQL Cluster, versiones 7.4.34 y anteriores, 7.5.24 y anteriores, 7.6.20 y anteriores, 8.0.27 y anteriores;
\u2022 MySQL Connectors, versiones 8.0.27 y anteriores;
\u2022 MySQL Server, versiones 5.7.36 y anteriores, 8.0.27 y anteriores;
\u2022 MySQL Workbench, versiones 8.0.27 y anteriores;
\u2022 Oracle Access Manager, versiones 11.1.2.3.0, 12.2.1.3.0 y 12.2.1.4.0;
\u2022 Oracle Agile Engineering Data Management, versi\u00f3n 6.2.1.0;
\u2022 Oracle Agile PLM, versiones 9.3.3 y 9.3.6;
\u2022 Oracle Agile PLM MCAD Connector, versiones 3.4 y 3.6;
\u2022 Oracle Airlines Data Model, versiones 12.1.1.0.0 y 12.2.0.1.0;
\u2022 Oracle Application Express, versiones anteriores a 21.1.4;
\u2022 Oracle Application Testing Suite, versi\u00f3n 13.3.0.1;
\u2022 Oracle Argus Analytics, versiones 8.2.1, 8.2.2 y 8.2.3;
\u2022 Oracle Argus Insight, versiones 8.2.1, 8.2.2 y 8.2.3;
\u2022 Oracle Argus Mart, versiones 8.2.1, 8.2.2 y 8.2.3;
\u2022 Oracle Argus Safety, versiones 8.2.1, 8.2.2 y 8.2.3;
\u2022 Oracle Banking APIs, versiones 18.1-18.3, 19.1, 19.2, 20.1 y 21.1;
\u2022 Oracle Banking Deposits and Lines of Credit Servicing, versi\u00f3n 2.12.0;
\u2022 Oracle Banking Digital Experience, versiones 17.2, 18.1-18.3, 19.1, 19.2, 20.1 y 21.1;
\u2022 Oracle Banking Enterprise Default Management, versiones 2.3.0-2.4.1, 2.6.2, 2.7.0, 2.7.1, 2.10.0 y 2.12.0;
\u2022 Oracle Banking Loans Servicing, versi\u00f3n 2.12.0;
\u2022 Oracle Banking Party Management, versi\u00f3n 2.7.0;
\u2022 Oracle Banking Platform, versiones 2.3.0-2.4.1, 2.6.2, 2.7.0 y 2.7.1;
\u2022 Oracle BI Publisher, versiones 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 y 12.2.1.4.0;
\u2022 Oracle Business Activity Monitoring, versiones 12.2.1.4.0 y 12.2.1.5.0;
\u2022 Oracle Business Intelligence Enterprise Edition, versiones 5.5.0.0.0, 5.9.0.0.0, 12.2.1.3.0 y 12.2.1.4.0;
\u2022 Oracle Business Process Management Suite, versiones 12.2.1.3.0 y 12.2.1.4.0;
\u2022 Oracle Clinical, versiones 5.2.1 y 5.2.2;
\u2022 Oracle Commerce Guided Search, versi\u00f3n 11.3.2;
\u2022 Oracle Commerce Platform, versiones 11.3.0, 11.3.1 y 11.3.2;
\u2022 Oracle Communications Billing and Revenue Management, versiones 12.0.0.3 y 12.0.0.4;
\u2022 Oracle Communications BRM – Elastic Charging Engine, versiones 11.3 y 12.0;
\u2022 Oracle Communications Calendar Server, versi\u00f3n 8.0.0.5.0;
\u2022 Oracle Communications Cloud Native Core Automated Test Suite, versi\u00f3n 1.8.0;
\u2022 Oracle Communications Cloud Native Core Binding Support Function, versiones 1.9.0 y 1.10.0;
\u2022 Oracle Communications Cloud Native Core Console, versi\u00f3n 1.7.0;
\u2022 Oracle Communications Cloud Native Core Network Function Cloud Native Environment, versi\u00f3n 1.9.0;
\u2022 Oracle Communications Cloud Native Core Network Repository Function, versi\u00f3n 1.14.0;
\u2022 Oracle Communications Cloud Native Core Policy, versi\u00f3n 1.14.0;
\u2022 Oracle Communications Cloud Native Core Security Edge Protection Proxy, versiones 1.5.0, 1.6.0 y 1.15.0;
\u2022 Oracle Communications Cloud Native Core Service Communication Proxy, versi\u00f3n 1.14.0;
\u2022 Oracle Communications Cloud Native Core Unified Data Repository, versi\u00f3n 1.14.0;
\u2022 Oracle Communications Contacts Server, versi\u00f3n 8.0.0.3.0;
\u2022 Oracle Communications Convergence, versi\u00f3n 3.0.2.2.0;
\u2022 Oracle Communications Convergent Charging Controller, versiones 6.0.1.0.0 y 12.0.1.0.0-12.0.4.0.0;
\u2022 Oracle Communications Data Model, versiones 11.3.2.1.0, 11.3.2.2.0, 11.3.2.3.0, 12.1.0.1.0 y 12.1.2.0.0;
\u2022 Oracle Communications Design Studio, versiones 7.3.4, 7.3.5, 7.4.0, 7.4.1 y 7.4.2;
\u2022 Oracle Communications Diameter Signaling Router, versiones 8.0.0.0-8.5.1.0;
\u2022 Oracle Communications EAGLE Application Processor, versiones 16.1-16.4;
\u2022 Oracle Communications Instant Messaging Server, versi\u00f3n 10.0.1.5.0;
\u2022 Oracle Communications Interactive Session Recorder, versiones 6.3 y 6.4;
\u2022 Oracle Communications Messaging Server, versi\u00f3n 8.1;
\u2022 Oracle Communications Network Charging and Control, versiones 6.0.1.0.0 y 12.0.1.0.0-12.0.4.0.0;
\u2022 Oracle Communications Network Integrity, versiones 7.3.5 y 7.3.6;
\u2022 Oracle Communications Offline Mediation Controller, versi\u00f3n 12.0.0.3;
\u2022 Oracle Communications Operations Monitor, versiones 3.4, 4.2, 4.3, 4.4 y 5.0;
\u2022 Oracle Communications Pricing Design Center, versiones 12.0.0.3.0 y 12.0.0.4.0;
\u2022 Oracle Communications Service Broker, versi\u00f3n 6.2;
\u2022 Oracle Communications Services Gatekeeper, versi\u00f3n 7.0;
\u2022 Oracle Communications Session Border Controller, versiones 8.2, 8.3, 8.4 y 9.0;
\u2022 Oracle Communications Unified Inventory Management, versiones 7.3.0, 7.3.4, 7.3.5, 7.4.0, 7.4.1, 7.4.2 y 7.5.0;
\u2022 Oracle Communications WebRTC Session Controller, versiones 7.2.0 y 7.2.1;
\u2022 Oracle Data Integrator, versiones 12.2.1.3.0 y 12.2.1.4.0;
\u2022 Oracle Database Server, versiones 12.1.0.2, 12.2.0.1 y 19c, 21c;
\u2022 Oracle Demantra Demand Management, versiones 12.2.6-12.2.11;
\u2022 Oracle E-Business Suite, versiones 12.2.3-12.2.11;
\u2022 Oracle Enterprise Communications Broker, versi\u00f3n 3.3;
\u2022 Oracle Enterprise Data Quality, versiones 12.2.1.3.0 y 12.2.1.4.0;
\u2022 Oracle Enterprise Session Border Controller, versiones 8.4 y 9.0;
\u2022 Oracle Essbase, versiones anteriores a 11.1.2.4.47, anteriores a 21.3;
\u2022 Oracle Essbase Administration Services, versiones anteriores a 11.1.2.4.47;
\u2022 Oracle Financial Services Analytical Applications Infrastructure, versiones 8.0.7-8.1.1;
\u2022 Oracle Financial Services Behavior Detection Platform, versiones 8.0.7, 8.0.8 y 8.1.1;
\u2022 Oracle Financial Services Enterprise Case Management, versiones 8.0.7, 8.0.8 y 8.1.1;
\u2022 Oracle Financial Services Foreign Account Tax Compliance Act Management, versiones 8.0.7, 8.0.8 y 8.1.1;
\u2022 Oracle Financial Services Model Management and Governance, versiones 8.0.8-8.1.1;
\u2022 Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition, versiones 8.0.7 y 8.0.8;
\u2022 Oracle FLEXCUBE Investor Servicing, versiones 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.4.0 y 14.5.0;
\u2022 Oracle FLEXCUBE Private Banking, versiones 12.0.0 y 12.1.0;
\u2022 Oracle Fusion Middleware, versiones 12.2.1.3.0 y 12.2.1.4.0;
\u2022 Oracle Fusion Middleware MapViewer, versi\u00f3n 12.2.1.4.0;
\u2022 Oracle GoldenGate, versiones anteriores a 12.3.0.1, 19.1.0.0.220118, 21.4.0.0.0 y 21.5.0.0.220118;
\u2022 Oracle GraalVM Enterprise Edition, versiones 20.3.4 y 21.3.0;
\u2022 Oracle Graph Server and Client, versiones anteriores a 21.4;
\u2022 Oracle Health Sciences Clinical Development Analytics, versi\u00f3n 4.0.1;
\u2022 Oracle Health Sciences InForm CRF Submit, versi\u00f3n 6.2.1;
\u2022 Oracle Health Sciences Information Manager, versiones 3.0.2 y 3.0.3;
\u2022 Oracle Healthcare Data Repository, versiones 7.0.2, 8.1.0 y 8.1.1;
\u2022 Oracle Healthcare Foundation, versiones 7.3.0.0-7.3.0.2, 8.0.0-8.0.2 y, 8.1.0-8.1.1;
\u2022 Oracle Healthcare Translational Research, versi\u00f3n 4.1.0;
\u2022 Oracle Hospitality Cruise Shipboard Property Management System, versi\u00f3n 20.1.0;
\u2022 Oracle Hospitality OPERA 5, versi\u00f3n 5.6;
\u2022 Oracle Hospitality Reporting and Analytics, versi\u00f3n 9.1.0;
\u2022 Oracle Hospitality Suite8, versiones 8.10.2, 8.11.0, 8.12.0, 8.13.0 y 8.14.0;
\u2022 Oracle HTTP Server, versiones 12.2.1.3.0, 12.2.1.4.0 y 12.2.1.5.0;
\u2022 Oracle Hyperion Infrastructure Technology, versi\u00f3n 11.2.7.0;
\u2022 Oracle iLearning, versiones 6.2 y 6.3;
\u2022 Oracle Insurance Data Gateway, versiones 11.0.2, 11.1.0, 11.2.7, 11.3.0 y 11.3.1;
\u2022 Oracle Insurance Insbridge Rating and Underwriting, versiones 5.2.0 y 5.4.0-5.6.0;
\u2022 Oracle Insurance Policy Administration, versiones 11.0.2, 11.1.0, 11.2.7, 11.3.0 y 11.3.1;
\u2022 Oracle Insurance Policy Administration J2EE, versiones 10.2.0, 10.2.4, 11.0.2 y 11.1.0-11.3.0;
\u2022 Oracle Insurance Rules Palette, versiones 10.2.0, 10.2.4, 11.0.2, 11.1.0-11.3.0 y 11.3.1;
\u2022 Oracle Java SE, versiones 7u321, 8u311, 11.0.13 y 17.1;
\u2022 Oracle Managed File Transfer, versiones 12.2.1.3.0 y 12.2.1.4.0;
\u2022 Oracle NoSQL Database, versiones anteriores a 21.1.12;
\u2022 Oracle Policy Automation, versiones 12.2.0-12.2.24;
\u2022 Oracle Product Lifecycle Analytics, versi\u00f3n 3.6.1;
\u2022 Oracle Rapid Planning, versiones 12.2.6-12.2.11;
\u2022 Oracle Real User Experience Insight, versiones 13.4.1.0 y 13.5.1.0;
\u2022 Oracle REST Data Services, versiones anteriores a 21.2.4;
\u2022 Oracle Retail Allocation, versiones 14.1.3.2, 15.0.3.1, 16.0.3 y 19.0.1;
\u2022 Oracle Retail Analytics, versi\u00f3n 21.0.1;
\u2022 Oracle Retail Assortment Planning, versi\u00f3n 16.0.3;
\u2022 Oracle Retail Back Office, versi\u00f3n 14.1;
\u2022 Oracle Retail Central Office, versi\u00f3n 14.1;
\u2022 Oracle Retail Customer Insights, versi\u00f3n 21.0.1;
\u2022 Oracle Retail Customer Management and Segmentation Foundation, versiones 16.0-19.0;
\u2022 Oracle Retail EFTLink, versiones 16.0.3, 17.0.2, 18.0.1, 19.0.1 y 20.0.1;
\u2022 Oracle Retail Extract Transform and Load, versi\u00f3n 13.2.8;
\u2022 Oracle Retail Financial Integration, versiones 14.1.3.2, 15.0.3.1, 16.0.3 y 19.0.1;
\u2022 Oracle Retail Fiscal Management, versi\u00f3n 14.2;
\u2022 Oracle Retail Integration Bus, versiones 14.1.3.0, 14.1.3.2, 15.0.3.1, 16.0.1-16.0.3, 19.0.0 y 19.0.1;
\u2022 Oracle Retail Invoice Matching, versiones 15.0.3 y 16.0.3;
\u2022 Oracle Retail Merchandising System, versi\u00f3n 19.0.1;
\u2022 Oracle Retail Order Broker, versiones 16.0, 18.0 y 19.1;
\u2022 Oracle Retail Order Management System, versi\u00f3n 19.5;
\u2022 Oracle Retail Point-of-Service, versi\u00f3n 14.1;
\u2022 Oracle Retail Predictive Application Server, versiones 14.1.3, 14.1.3.46, 15.0.3, 15.0.3.115, 16.0.3 y 16.0.3.240;
\u2022 Oracle Retail Price Management, versiones 13.2, 14.0.4, 14.1, 14.1.3, 15, 15.0.3, 16 y 16.0.3;
\u2022 Oracle Retail Returns Management, versi\u00f3n 14.1;
\u2022 Oracle Retail Service Backbone, versiones 14.1.3.0, 14.1.3.2, 15.0.3.1, 16.0.1-16.0.3, 19.0.0 y 19.0.1;
\u2022 Oracle Retail Size Profile Optimization, versi\u00f3n 16.0.3;
\u2022 Oracle Retail Xstore Point of Service, versiones 17.0.4, 18.0.3, 19.0.2 y 20.0.1;
\u2022 Oracle SD-WAN Aware, versi\u00f3n 8.2;
\u2022 Oracle SD-WAN Edge, versiones 9.0 y 9.1;
\u2022 Oracle Secure Backup, versiones anteriores a 18.1.0.1.0;
\u2022 Oracle Solaris, versiones 10 y 11;
\u2022 Oracle Spatial Studio, versiones anteriores a 21.2.1;
\u2022 Oracle Thesaurus Management System, versiones 5.2.3, 5.3.0 y 5.3.1;
\u2022 Oracle TimesTen In-Memory Database, versiones anteriores a 11.2.2.8.27 y 21.1.1.1.0;
\u2022 Oracle Utilities Framework, versiones 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0 y 4.4.0.3.0;
\u2022 Oracle Utilities Testing Accelerator, versiones 6.0.0.1.1, 6.0.0.2.2 y 6.0.0.3.1;
\u2022 Oracle VM VirtualBox, versiones anteriores a 6.1.32;
\u2022 Oracle WebCenter Portal, versiones 12.2.1.3.0 y 12.2.1.4.0;
\u2022 Oracle WebLogic Server, versiones 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 y 14.1.1.0.0;
\u2022 Oracle ZFS Storage Appliance Kit, versi\u00f3n 8.8;
\u2022 Oracle ZFS Storage Application Integration Engineering Software, versi\u00f3n 1.3.3;
\u2022 OSS Support Tools, versiones anteriores a 2.12.42;
\u2022 PeopleSoft Enterprise CS SA Integration Pack, versiones 9.0 y 9.2;
\u2022 PeopleSoft Enterprise PeopleTools, versiones 8.57, 8.58 y 8.59;
\u2022 Primavera Analytics, versiones 18.8.3.3, 19.12.11.1 y 20.12.12.0;
\u2022 Primavera Data Warehouse, versiones 18.8.3.3, 19.12.11.1 y 20.12.12.0;
\u2022 Primavera Gateway, versiones 17.12.0-17.12.11, 18.8.0-18.8.13, 19.12.0-19.12.12, 20.12.0-20.12.7 y 21.12.0;
\u2022 Primavera P6 Enterprise Project Portfolio Management, versiones 17.12.0.0-17.12.20.0, 18.8.0.0-18.8.24.0, 19.12.0.0-19.12.18.0, 20.12.0.0-20.12.12.0 y 21.12.0.0;
\u2022 Primavera P6 Professional Project Management, versiones 17.12.0.0-17.12.20.0, 18.8.0.0-18.8.24.0, 19.12.0.0-19.12.17.0 y 20.12.0.0-20.12.9.0;
\u2022 Primavera Portfolio Management, versiones 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2, 20.0.0.0 y 20.0.0.1;
\u2022 Primavera Unifier, versiones 17.7-17.12, 18.8, 19.12, 20.12 y 21.12;
\u2022 Siebel Applications, versiones 21.11 y anteriores.<\/p>\n\n\n\n
III. Descripci\u00f3n<\/p>\n\n\n\n
Oracle ha publicado una actualizaci\u00f3n cr\u00edtica con parches para corregir 497 vulnerabilidades, que afectan a m\u00faltiples productos.<\/p>\n\n\n\n
IV. Impacto<\/p>\n\n\n\n
Vulnerabilidad: CVE-2021-29425
La vulnerabilidad permite que un atacante remoto realice ataques transversales de directorio.<\/p>\n\n\n\n
Vulnerabilidad: CVE-2021-33037
La vulnerabilidad permite que un atacante remoto realice ataques de contrabando de solicitudes HTTP.<\/p>\n\n\n\n
Vulnerabilidad: CVE-2021-36374
La vulnerabilidad permite que un atacante remoto realice un ataque de denegaci\u00f3n de servicio (DoS).<\/p>\n\n\n\n
Vulnerabilidad: CVE-2021-4104
La vulnerabilidad permite que un atacante remoto ejecute c\u00f3digo arbitrario en el sistema de destino.<\/p>\n\n\n\n
Vulnerabilidad: CVE-2021-36090
La vulnerabilidad permite que un atacante remoto realice un ataque de denegaci\u00f3n de servicio (DoS).<\/p>\n\n\n\n
Vulnerabilidad: CVE-2021-22118
La vulnerabilidad permite que un usuario local aumente los privilegios en el sistema.<\/p>\n\n\n\n
Vulnerabilidad: CVE-2021-2351
La vulnerabilidad permite que un atacante remoto no autenticado ejecute c\u00f3digo arbitrario.<\/p>\n\n\n\n
Vulnerabilidad: CVE-2021-39139
La vulnerabilidad permite que un usuario remoto autenticado ejecute c\u00f3digo arbitrario.<\/p>\n\n\n\n
Vulnerabilidad: CVE-2020-13936
La vulnerabilidad permite que un atacante remoto ejecute c\u00f3digo arbitrario en el sistema de destino.<\/p>\n\n\n\n
III. Referencia a soluciones, herramientas e informaci\u00f3n<\/p>\n\n\n\n
Aplicar los parches correspondientes seg\u00fan los productos afectados, desde el sitio oficial de Oracle. (https:\/\/www.oracle.com\/security-alerts\/cpujan2022.html<\/p>\n\n\n\n
Fuentes:<\/p>\n\n\n\n
Informaci\u00f3n de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https:\/\/cert.pa
Twitter: @CSIRTPanama
Key ID: 16F2B124<\/p>\n","protected":false},"excerpt":{"rendered":"
CSIRT Panam\u00e1 Aviso 2022-01-19 Oracle: Actualizaciones cr\u00edticas en Oracle (enero 2022) Gravedad: AltaFecha de publicaci\u00f3n: Enero 19, 2022\u00daltima revisi\u00f3n: Enero 19, 2022Sitio web: https:\/\/ www.oracle.comSistemas Afectados:\u2022 Agile Product Lifecycle Management Integration Pack para Oracle E-Business…<\/p>\n","protected":false},"author":4,"featured_media":2277,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[76,72,37],"class_list":["post-2973","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad","tag-actualizaciones","tag-avisos-de-seguridad","tag-oracle"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/2973","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2973"}],"version-history":[{"count":1,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/2973\/revisions"}],"predecessor-version":[{"id":2974,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/2973\/revisions\/2974"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/2277"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2973"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2973"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2973"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}