TLP:CLEAR PAP:WHITE
Actualización crítica de Oracle de Octubre2023
Descripción
Una actualización de parche crítico es una colección de parches para múltiples vulnerabilidades de seguridad. Estos parches abordan vulnerabilidades en el código de Oracle y en componentes de terceros incluidos en los productos de Oracle. Estos parches suelen ser acumulativos, pero cada aviso describe solo los parches de seguridad agregados desde el aviso de actualización de parches críticos anterior. Por lo tanto, se deben revisar los avisos de actualización de parches críticos anteriores para obtener información sobre parches de seguridad publicados anteriormente. Consulte "Actualizaciones de parches críticos, alertas de seguridad y boletines" para obtener información sobre los avisos de seguridad de Oracle.
Oracle continúa recibiendo periódicamente informes de intentos de explotar maliciosamente vulnerabilidades para las cuales Oracle ya ha publicado parches de seguridad. En algunos casos, se ha informado que los atacantes tuvieron éxito porque los clientes objetivo no aplicaron los parches de Oracle disponibles. Por lo tanto, Oracle recomienda encarecidamente que los clientes mantengan las versiones con soporte activo y apliquen los parches de seguridad de la Actualización de parches críticos sin demora.
Esta actualización de parches críticos contiene 387 nuevos parches de seguridad en las familias de productos que se enumeran a continuación. Tenga en cuenta que una nota de MOS que resume el contenido de esta actualización de parche crítico y otras actividades de Oracle Software Security Assurance se encuentra en Actualización de parche crítico de octubre de 2023: resumen ejecutivo y análisis .
Oracle continúa recibiendo periódicamente informes de intentos de explotar maliciosamente vulnerabilidades para las cuales Oracle ya ha publicado parches de seguridad. En algunos casos, se ha informado que los atacantes tuvieron éxito porque los clientes objetivo no aplicaron los parches de Oracle disponibles. Por lo tanto, Oracle recomienda encarecidamente que los clientes mantengan las versiones con soporte activo y apliquen los parches de seguridad de la Actualización de parches críticos sin demora.
Esta actualización de parches críticos contiene 387 nuevos parches de seguridad en las familias de productos que se enumeran a continuación. Tenga en cuenta que una nota de MOS que resume el contenido de esta actualización de parche crítico y otras actividades de Oracle Software Security Assurance se encuentra en Actualización de parche crítico de octubre de 2023: resumen ejecutivo y análisis .
Productos afectados
- BI Publisher, versions 6.4.0.0.0, 7.0.0.0.0, 12.2.1.4.0 | Oracle Analytics
- GoldenGate Big Data, versions 21.3-21.10 | Database
- GoldenGate Veridata, versions 12.2.1.4.0-12.2.1.4.230922 | Database
- Hospitality OPERA 5 Property Services, version 5.6 | Oracle Hospitality OPERA 5 Property Services
- JD Edwards EnterpriseOne Tools, version 9.2.7 | JD Edwards
- Management Cloud Engine, version 23.1.0.0 | Management Cloud Engine
- MySQL Cluster, versions 8.0.34 and prior, 8.1.0 | MySQL
- MySQL Connectors, versions 8.1.0 and prior | MySQL
- MySQL Enterprise Monitor, versions 8.0.35 and prior | MySQL
- MySQL Installer, versions prior to 1.6.8 | MySQL
- MySQL Server, versions 5.7.43 and prior, 8.0.34 and prior, 8.1.0 and prior | MySQL
- MySQL Shell, versions 8.1.1 and prior | MySQL
- Oracle Access Manager, version 12.2.1.4.0 | Fusion Middleware
- Oracle Agile PLM, version 9.3.6 | Oracle Supply Chain Products
- Oracle Application Testing Suite, version 13.3.0.1 | Oracle Enterprise Manager
- Oracle Banking APIs, versions 18.3, 19.1, 19.2, 21.1, 22.1, 22.2 | Contact Support
- Oracle Banking Branch, versions 14.5-14.7 | Contact Support
- Oracle Banking Cash Management, versions 14.5-14.7 | Contact Support
- Oracle Banking Corporate Lending, versions 14.0-14.3, 14.5-14.7 | Contact Support
- Oracle Banking Corporate Lending Process Management, versions 14.5-14.7 | Contact Support
- Oracle Banking Credit Facilities Process Management, versions 14.5-14.7 | Contact Support
- Oracle Banking Deposits and Lines of Credit Servicing, versions 2.7, 2.12 | Contact Support
- Oracle Banking Digital Experience, versions 18.3, 19.1, 19.2, 21.1, 22.1, 22.2 | Contact Support
- Oracle Banking Electronic Data Exchange for Corporates, versions 14.5-14.7 | Contact Support
- Oracle Banking Liquidity Management, versions 14.5-14.7 | Contact Support
- Oracle Banking Loans Servicing, version 2.12 | Oracle Banking Platform
- Oracle Banking Origination, versions 14.5-14.7 | Contact Support
- Oracle Banking Party Management, version 2.7 | Oracle Banking Platform
- Oracle Banking Payments, versions 14.0-14.3, 14.5-14.7 | Contact Support
- Oracle Banking Platform, versions 2.6.2, 2.9.0 | Oracle Banking Platform
- Oracle Banking Supply Chain Finance, versions 14.5-14.7 | Contact Support
- Oracle Banking Trade Finance, versions 14.5-14.7 | Contact Support
- Oracle Banking Trade Finance Process Management, versions 14.5-14.7 | Contact Support
- Oracle Banking Virtual Account Management, versions 14.5-14.7 | Contact Support
- Oracle Big Data Spatial and Graph, versions 2.5 and prior | Database
- Oracle Business Intelligence Enterprise Edition, versions 6.4.0.0.0, 7.0.0.0.0, 12.2.1.4.0 | Oracle Analytics
- Oracle Business Process Management Suite, version 12.2.1.4.0 | Fusion Middleware
- Oracle Coherence, versions 12.2.1.4.0, 14.1.1.0.0 | Fusion Middleware
- Oracle Commerce Guided Search, version 11.3.2 | Oracle Commerce
- Oracle Communications BRM - Elastic Charging Engine, versions 12.0.0.4-12.0.0.8 | Oracle Communications BRM - Elastic Charging Engine
- Oracle Communications Cloud Native Core Binding Support Function, versions 23.1.0-23.1.8, 23.2.0-23.2.4 | Oracle Communications Cloud Native Core Binding Support Function
- Oracle Communications Cloud Native Core Console, versions 23.1.1, 23.1.2, 23.2.1 | Oracle Communications Cloud Native Core Console
- Oracle Communications Cloud Native Core Network Exposure Function, versions 23.1.3, 23.3.0 | Oracle Communications Cloud Native Core Network Exposure Function
- Oracle Communications Cloud Native Core Network Function Cloud Native Environment, versions 23.2.0, 23.2.2 | Oracle Communications Cloud Native Core Network Function Cloud Native Environment
- Oracle Communications Cloud Native Core Network Repository Function, versions 23.1.3, 23.2.1, 23.3.0 | Oracle Communications Cloud Native Core Network Repository Function
- Oracle Communications Cloud Native Core Policy, versions 23.1.0-23.1.8, 23.2.0-23.2.4 | Oracle Communications Cloud Native Core Policy
- Oracle Communications Cloud Native Core Security Edge Protection Proxy, versions 23.1.0, 23.1.3, 23.3.0 | Oracle Communications Cloud Native Core Security Edge Protection Proxy
- Oracle Communications Cloud Native Core Unified Data Repository, version 23.1.2 | Oracle Communications Cloud Native Core Unified Data Repository
- Oracle Communications Convergent Charging Controller, version 12.0.6.0 |
- Oracle Communications Convergent Charging Controller
- Oracle Communications Diameter Signaling Router, versions 8.6.0.0, 9.0.0.0 |
- Oracle Communications Diameter Signaling Router
- Oracle Communications Element Manager, versions 9.0.0-9.0.2 | Oracle Communications Element Manager
- Oracle Communications IP Service Activator, versions 7.4.0, 7.5.0 | Oracle Communications IP Service Activator
- Oracle Communications MetaSolv Solution, version 6.3.1.0.0 | Oracle Communications MetaSolv Solution
- Oracle Communications Network Analytics Data Director, version 23.2.0 | Oracle Communications Network Analytics Data Director
- Oracle Communications Network Charging and Control, version 12.0.6.0 | Oracle Communications Network Charging and Control
- Oracle Communications Order and Service Management, versions 7.4.0, 7.4.1 |
- Oracle Communications Order and Service Management
- Oracle Communications Policy Management, version 12.6.0.0 | Oracle Communications Policy Management
- Oracle Communications Session Report Manager, versions 9.0.0-9.0.2 | Oracle Communications Session Report Manager
- Oracle Communications Unified Assurance, versions 5.5.0-5.5.17, 6.0.0-6.0.3 |
- Oracle Communications Unified Assurance
- Oracle Communications WebRTC Session Controller, versions 7.2.0.0.0, 7.2.1.0.0 | Oracle Communications WebRTC Session Controller
- Oracle Data Integrator, version 12.2.1.4.0 | Fusion Middleware
- Oracle Database Server, versions 19.3-19.20, 21.3-21.11 | Database
- Oracle Documaker, versions 12.6.4-12.7.1 | Oracle Insurance Applications
- Oracle E-Business Suite, versions 12.2.3-12.2.12, [ECC] 8, [ECC] 9, [ECC] 10 |
- Oracle E-Business Suite
- Oracle Enterprise Communications Broker, versions 3.3, 4.0, 4.1 | Oracle Enterprise Communications Broker
- Oracle Enterprise Data Quality, version 12.2.1.4.0 | Fusion Middleware
- Oracle Enterprise Manager Base Platform, version 13.5.0.0 | Oracle Enterprise Manager
- Oracle Enterprise Manager for Peoplesoft, version 13.5.1.1 | Oracle Enterprise Manager
- Oracle Enterprise Manager Ops Center, version 12.4.0.0 | Oracle Enterprise Manager
- Oracle Enterprise Operations Monitor, versions 5.0, 5.1 | Oracle Enterprise Operations Monitor
- Oracle Enterprise Session Border Controller, versions 9.0-9.2 | Oracle Enterprise Session Border Controller
- Oracle Essbase, version 21.5.0.0.0 | Database
- Oracle Financial Services Cash Flow Engine, version 8.1.2.0.0 | Contact Support
- Oracle Financial Services Model Management and Governance, versions 8.1.2.3, 8.1.2.4 | Oracle Financial Services Model Management and Governance
- Oracle FLEXCUBE Core Banking, versions 11.6-11.8, 11.10, 11.11 | Contact Support
- Oracle FLEXCUBE Enterprise Limits and Collateral Management, versions 12.3, 12.4, 14.0-14.3, 14.5-14.7 | Contact Support
- Oracle FLEXCUBE Universal Banking, versions 12.3, 12.4, 14.0-14.3, 14.5-14.7 | Contact Support
- Oracle Fusion Middleware MapViewer, version 12.2.1.4.0 | Fusion Middleware
- Oracle Global Lifecycle Management OPatch, versions prior to 12.2.0.1.40 | Global Lifecycle Management
- Oracle GoldenGate Studio, version 12.2.1.4.0 | Database
- Oracle GraalVM for JDK, versions 17.0.8, 20.0.2 | Java SE
- Oracle Graph Server and Client, versions 22.4.4 and prior | Database
- Oracle Healthcare Master Person Index, versions 5.0.0-5.0.6 | HealthCare Applications
- Oracle HTTP Server, version 12.2.1.4.0 | Fusion Middleware
- Oracle Hyperion Infrastructure Technology, version 11.2.14.0.0 | Oracle Enterprise Performance Management
- Oracle Identity Manager, version 12.2.1.4.0 | Fusion Middleware
- Oracle Java SE, versions 8u381, 8u381-perf, 11.0.20, 17.0.8, 20.0.2 | Java SE
- Oracle Life Sciences InForm, version 7.0.0.0 | Health Sciences
- Oracle Life Sciences InForm Publisher, version 6.3.1.0 | Health Sciences
- Oracle Managed File Transfer, version 12.2.1.4.0 | Fusion Middleware
- Oracle Middleware Common Libraries and Tools, version 12.2.1.4.0 | Fusion Middleware
- Oracle Outside In Technology, version 8.5.6 | Fusion Middleware
- Oracle REST Data Services, versions prior to 23.2.2 | Database
- Oracle Retail Bulk Data Integration, versions 16.0.3, 19.0.1 | Retail Applications
- Oracle Retail Customer Management and Segmentation Foundation, versions 18.0.0.13, 19.0.0.7 | Retail Applications
- Oracle Retail EFTLink, versions 20.0.1, 21.0.0, 22.0.0 | Retail Applications
- Oracle Retail Financial Integration, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1 | Retail Applications
- Oracle Retail Fiscal Management, version 14.2 | Retail Applications
- Oracle Retail Integration Bus, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1 | Retail Applications
- Oracle Retail Merchandising System, version 19.0.1 | Retail Applications
- Oracle Retail Service Backbone, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1 | Retail Applications
- Oracle Retail Xstore Point of Service, versions 18.0.5, 19.0.4, 20.0.3, 21.0.2, 22.0.0 | Retail Applications
- Oracle SD-WAN Edge, versions 9.1.1.5.0, 9.1.1.6.0 | Oracle SD-WAN Edge
- Oracle Secure Backup, versions 18.1.0.1.0, 18.1.0.2.0 | Oracle Secure Backup
- Oracle Service Bus, version 12.2.1.4.0 | Fusion Middleware
- Oracle SOA Suite, version 12.2.1.4.0 | Fusion Middleware
- Oracle Solaris, versions 10, 11 | Systems
- Oracle Unified Directory, version 12.2.1.4.0 | Fusion Middleware
- Oracle Utilities Application Framework, versions 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0, 4.5.0.0.1, 4.5.0.1.0-4.5.0.1.2 | Oracle Utilities Applications
- Oracle Utilities Network Management System, versions 2.3.0.2, 2.4.0.1 | Oracle Utilities Applications
- Oracle VM VirtualBox, versions prior to 7.0.12 | Virtualization
- Oracle WebCenter Content, version 12.2.1.4.0 | Fusion Middleware
- Oracle WebCenter Portal, version 12.2.1.4.0 | Fusion Middleware
- Oracle WebLogic Server, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | Fusion Middleware
- PeopleSoft Enterprise CC Common Application Objects, version 9.2 | PeopleSoft
- PeopleSoft Enterprise HCM Global Payroll Switzerland, version 9.2 | PeopleSoft
- PeopleSoft Enterprise PeopleTools, versions 8.59, 8.60 | PeopleSoft
- Primavera Gateway, versions 19.12.0-19.12.17, 20.12.0-20.12.12, 21.12.0-21.12.10 | Oracle Construction and Engineering Suite
- Primavera Unifier, versions 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.16, 22.12.0-22.12.9 | Oracle Construction and Engineering Suite
- Siebel Applications, versions 23.8 and prior | Siebel
- Sun ZFS Storage Appliance, version 8.8.60 | Systems
- TimesTen In-Memory Database, versions prior to 18.1.4.38.0, prior to 18.1.4.39.0, prior to 22.1.1.18.0 | Database
Riesgo
Crítico
Soluciones
Se recomienda acudir a la publicación original, facilitada en el enlace de referencia, para consultar todas las vulnerabilidades, los productos a los que afectan y las soluciones que señala el fabricante.
Referencias
Contacto
Para más información, cualquier otra incidencia o problema de seguridad, puede ponerse en contacto a través de nuestra dirección de correo csirt@seresco.es