【安全通告】Oracle全系产品7月关键补丁更新通告
2021-07-22
一. 漏洞概述
2021年7月21日,尊龙凯时科技CERT监测发现Oracle官方发布了7月关键补丁更新公告CPU(Critical Patch Update),共修复了342个不同程度的漏洞,此次安全更新涉及Oracle Database Server、Oracle Java SE、Oracle Fusion Middleware、Oracle MySQL、Oracle Communications等多个常用产品。Oracle强烈建议客户尽快应用关键补丁更新修复程序,对漏洞进行修复。
参考链接:
https://www.oracle.com/security-alerts/cpujul2021.html
二. 重点漏洞简述
根据产品流行度和漏洞重要性筛选出此次更新中包含影响较大的漏洞,请相关用户重点进行关注:
Oracle MySQL多个漏洞:
此次安全更新针对Oracle MySQL发布了41个安全补丁, 有10个漏洞在未经用户身份验证的情况下即可远程进行利用。其中高危漏洞如下:
CVE-2021-22884
CVE-2021-22901
Oracle Communications Applications多个漏洞:
此次安全更新针对Oracle Communications Applications发布了33个安全补丁,有22个漏洞在未经用户身份验证的情况下即可远程进行利用。其中高危漏洞如下:
CVE-2020-11612
CVE-2021-3177
CVE-2020-17530
CVE-2019-17195
CVE-2019-17195
CVE-2020-11612
CVE-2020-10878
CVE-2020-14195
Oracle E-Business Suite多个漏洞:
此次安全更新针对Oracle E-Business Suite发布了17个安全补丁,有3个漏洞在未经用户身份验证的情况下即可远程进行利用。其中高危漏洞如下:
CVE-2021-2355
CVE-2021-2436
CVE-2021-2359
Oracle Fusion Middleware多个漏洞:
此次安全更新针对Oracle Fusion Middleware发布了48个安全补丁,有35个漏洞在未经用户身份验证的情况下即可远程进行利用。其中高危漏洞如下:
CVE-2021-2394
CVE-2021-2397
CVE-2021-2382
CVE-2021-2456
CVE-2019-17195
CVE-2020-10683
CVE-2020-28052
Oracle Retail Applications多个漏洞:
此次安全更新针对Oracle Retail Applications发布了23个安全补丁,有15个漏洞在未经用户身份验证的情况下即可远程进行利用。其中高危漏洞如下:
CVE-2021-21345
CVE-2019-0219
Oracle官方7月关键补丁更新漏洞总结如下:
产品 |
漏洞个数 |
未授权远程利用个数 |
最高CVSS评分 |
Oracle Database Products Risk Matrices |
16 |
1 |
8.3 |
Oracle Database Server |
16 |
1 |
8.3 |
Oracle Big Data Graph |
2 |
2 |
8.8 |
Oracle Essbase |
9 |
8 |
10 |
Oracle Commerce |
11 |
8 |
9.8 |
Oracle Communications Applications |
33 |
22 |
9.9 |
Oracle Communications |
26 |
23 |
9.8 |
Oracle Construction and Engineering |
10 |
5 |
9.8 |
Oracle E-Business Suite |
17 |
3 |
9.1 |
Oracle Enterprise Manager |
8 |
8 |
9.8 |
Oracle Financial Services Applications |
22 |
17 |
9.9 |
Oracle Food and Beverage Applications |
6 |
0 |
8.1 |
Oracle Fusion Middleware |
48 |
35 |
9.9 |
Oracle Hospitality Applications |
1 |
0 |
5.5 |
Oracle Hyperion |
6 |
4 |
9.8 |
Oracle Insurance Applications |
4 |
3 |
8.8 |
Oracle Java SE |
6 |
5 |
9.8 |
Oracle JD Edwards |
9 |
8 |
9.8 |
Oracle MySQL |
41 |
10 |
8.8 |
Oracle PeopleSoft |
14 |
8 |
9.8 |
Oracle Policy Automation |
1 |
1 |
9.8 |
Oracle Retail Applications |
23 |
15 |
9.9 |
Oracle Siebel CRM |
6 |
4 |
8.1 |
Oracle Supply Chain |
5 |
5 |
7.5 |
Oracle Support Tools |
1 |
1 |
6.1 |
Oracle Systems |
11 |
9 |
9.8 |
Oracle Virtualization |
6 |
1 |
9.9 |
Oracle Database Products Risk Matrices |
16 |
1 |
8.3 |
Oracle Database Server |
16 |
1 |
8.3 |
Oracle Big Data Graph |
2 |
2 |
8.8 |
Oracle Essbase |
9 |
8 |
10 |
Oracle Commerce |
11 |
8 |
9.8 |
Oracle Communications Applications |
33 |
22 |
9.9 |
Oracle Communications |
26 |
23 |
9.8 |
Oracle Construction and Engineering |
10 |
5 |
9.8 |
Oracle E-Business Suite |
17 |
3 |
9.1 |
Oracle Enterprise Manager |
8 |
8 |
9.8 |
Oracle Financial Services Applications |
22 |
17 |
9.9 |
Oracle Food and Beverage Applications |
6 |
0 |
8.1 |
Oracle Fusion Middleware |
48 |
35 |
9.9 |
Oracle Hospitality Applications |
1 |
0 |
5.5 |
Oracle Hyperion |
6 |
4 |
9.8 |
Oracle Insurance Applications |
4 |
3 |
8.8 |
Oracle Java SE |
6 |
5 |
9.8 |
Oracle JD Edwards |
9 |
8 |
9.8 |
Oracle MySQL |
41 |
10 |
8.8 |
Oracle PeopleSoft |
14 |
8 |
9.8 |
Oracle Policy Automation |
1 |
1 |
9.8 |
Oracle Retail Applications |
23 |
15 |
9.9 |
Oracle Siebel CRM |
6 |
4 |
8.1 |
Oracle Supply Chain |
5 |
5 |
7.5 |
Oracle Support Tools |
1 |
1 |
6.1 |
Oracle Systems |
11 |
9 |
9.8 |
Oracle Virtualization |
6 |
1 |
9.9 |
三. 漏洞防护
请用户参考本文附录“受影响产品及补丁信息”及时下载受影响产品更新补丁,并参照补丁安装包中的readme文件进行安装更新,以保证长期有效的防护。
注:Oracle官方补丁需要用户持有正版软件的许可账号,使用该账号登陆https://support.oracle.com后,可以下载最新补丁。