Estas actualizaciones son acumulativas y se publican periódicamente para abordar vulnerabilidades de seguridad recientes
Torre del Mar 20 de enero 2023
Un Critical Patch Update (CPU) es una actualización de seguridad de Oracle que contiene parches para corregir vulnerabilidades en el código de Oracle y en los componentes de terceros incluidos en sus productos. Estas actualizaciones son acumulativas y se publican periódicamente para abordar vulnerabilidades de seguridad recientes. Es importante revisar y aplicar estas actualizaciones de forma oportuna ya que
los atacantes pueden explotar vulnerabilidades no corregidas.
Oracle recomienda encarecidamente que los clientes apliquen parches de seguridad lo antes posible. Para los clientes que se han saltado una o más actualizaciones de parches críticos y están preocupados por los productos que no tienen parches de seguridad anunciados en esta actualización de parches críticos,
revise los avisos de actualizaciones de parches críticos anteriores para determinar las acciones apropiadas.
Los parches publicados a través del programa Critical Patch Update se proporcionan solo para las versiones del producto que están cubiertas por las fases Premier Support o Extended Support de la Política de soporte de por vida. Oracle recomienda que los clientes planifiquen actualizaciones de productos para asegurarse de que los parches publicados a través del programa Critical Patch Update estén disponibles para las versiones que están ejecutando actualmente.
Las versiones de productos que no se encuentran bajo Soporte Premier o Soporte Extendido no se prueban para detectar la presencia de vulnerabilidades abordadas por esta Actualización de Parche Crítica. Sin embargo, es probable que las
versiones anteriores de las versiones afectadas también se vean afectadas por estas vulnerabilidades. Como resultado, Oracle recomienda que los clientes actualicen a las versiones compatibles.
Los productos de base de datos, Fusion Middleware y Oracle Enterprise Manager están parcheados de acuerdo con la política de soporte de corrección de errores de software que se explica en My Oracle Support Note 209768.1. Revise las Políticas de soporte técnico para obtener más pautas sobre las políticas de soporte y las fases de soporte.
Los boletines de terceros de Solaris se utilizan para anunciar parches de seguridad para software de terceros distribuidos con Oracle Solaris. Los clientes de
Solaris 10 deben consultar los conjuntos de parches más recientes que contienen parches de seguridad críticos detallados en el documento de disponibilidad de parches de sistemas. Consulte el índice de referencia de ID de CVE y parches de Solaris (Mi nota de soporte de Oracle 1448883.1) para obtener más información.
Los usuarios que ejecutan
Java SE con un navegador pueden descargar la última versión desde https://java.com. Los usuarios de las plataformas
Windows y Mac OS X también pueden usar actualizaciones automáticas para obtener la última versión.
Las vulnerabilidades que afectan a
Oracle Solaris pueden afectar a Oracle ZFSSA, por lo que los clientes de
Oracle deben consultar el Documento de conocimiento de actualización de parches críticos de Oracle and Sun Systems Product Suite, My Oracle Support Note 2160904.1 para obtener información sobre las revisiones mínimas de los parches de seguridad necesarios para resolver los problemas de
ZFSSA publicados en Actualizaciones de parches críticos. y boletines de terceros de Solaris.
Las vulnerabilidades de seguridad abordadas por esta
actualización de parche crítico afectan a los productos que se enumeran a continuación.
Big Data Spatial and Graph, versions prior to 21.4.3, prior to 23.1.0 Database
Enterprise Manager Base Platform, versions 13.4.0.0, 13.5.0.0 Enterprise Manager
Enterprise Manager Ops Center, version 12.4.0.0 Enterprise Manager
Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers, versions prior to XCP2411, prior to XCP3111, prior to XCP4011 Systems
GoldenGate Stream Analytics, versions prior to 19.1.0.0.8 Database
GoldenGate Veridata, versions prior to 12.2.1.4.220831 Database
JD Edwards EnterpriseOne Orchestrator, versions prior to 9.2.7.2 JD Edwards
JD Edwards EnterpriseOne Tools, versions prior to 9.2.7.2 JD Edwards
Management Cloud Engine, version 22.1.0.0.0 Oracle Management Cloud Engine
Management Pack for Oracle GoldenGate, versions prior to 12.2.1.2.221115 Database
Middleware Common Libraries and Tools, versions 12.2.1.4.0, 14.1.1.0.0 Fusion Middleware
MySQL Cluster, versions 7.4.38 and prior, 7.5.28 and prior, 7.6.24 and prior, 8.0.31 and prior MySQL
MySQL Connectors, versions 8.0.31 and prior MySQL
MySQL Enterprise Monitor, versions 8.0.32 and prior MySQL
MySQL Server, versions 5.7.40 and prior, 8.0.31 and prior MySQL
MySQL Shell, versions 8.0.31 and prior MySQL
MySQL Workbench, versions 8.0.31 and prior MySQL
Oracle Access Manager, version 12.2.1.4.0 Fusion Middleware
Oracle Agile PLM, version 9.3.6 Oracle Supply Chain Products
Oracle AutoVue, versions prior to 21.0.2.6 Oracle Supply Chain Products
Oracle Banking Enterprise Default Management, versions 2.6.2, 2.7.0, 2.7.1, 2.12.0 Oracle Banking Platform
Oracle Banking Loans Servicing, versions 2.8.0, 2.12.0 Oracle Banking Platform
Oracle Banking Party Management, version 2.7.0 Oracle Banking Platform
Oracle Banking Platform, versions 2.6.2, 2.7.1, 2.9.0, 2.12.0 Oracle Banking Platform
Oracle BI Publisher, versions 5.9.0.0.0, 6.4.0.0.0, 12.2.1.4.0 Oracle Analytics
Oracle Business Intelligence Enterprise Edition, versions 5.9.0.0.0, 6.4.0.0.0 Oracle Analytics
Oracle Coherence, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 Fusion Middleware
Oracle Commerce Guided Search, version 11.3.2 Oracle Commerce
Oracle Communications Billing and Revenue Management, versions 12.0.0.4.0-12.0.0.7.0 Oracle Communications Billing and Revenue Management
Oracle Communications BRM - Elastic Charging Engine, versions 12.0.0.3.0-12.0.0.7.0 Oracle Communications BRM - Elastic Charging Engine
Oracle Communications Calendar Server, version 8.0.0.6.0 Oracle Communications Calendar Server
Oracle Communications Cloud Native Core Automated Test Suite, versions 22.2.2, 22.3.1, 22.4.0 Oracle Communications Cloud Native Core Automated Test Suite
Oracle Communications Cloud Native Core Binding Support Function, versions 22.1.0, 22.1.1, 22.2.0, 22.2.1, 22.2.2, 22.2.4, 22.3.0-22.4.0 Oracle Communications Cloud Native Core Binding Support Function
Oracle Communications Cloud Native Core Console, versions 22.3.0, 22.4.0 Oracle Communications Cloud Native Core Console
Oracle Communications Cloud Native Core Network Data Analytics Function, version 22.0.0.0.0 Oracle Communications Cloud Native
Core Network Data Analytics Function
Oracle Communications Cloud Native Core Network Exposure Function, versions 22.3.1, 22.4.0 Oracle Communications Cloud Native Core
Network Exposure Function
Oracle Communications Cloud Native Core Network Function Cloud Native Environment, version 22.3.0 Oracle Communications Cloud Native
Core Network Function Cloud Native Environment
Oracle Communications Cloud Native Core Network Repository Function, versions 22.3.0, 22.3.2 Oracle Communications Cloud Native
Core Network Repository Function
Oracle Communications Cloud Native Core Network Slice Selection Function, versions 22.3.1, 22.4.1 Oracle Communications Cloud Native
Core Network Slice Selection Function
Oracle Communications Cloud Native Core Policy, versions 1.11.0, 22.3.0, 22.4.0 Oracle Communications Cloud Native Core Policy
Oracle Communications Cloud Native Core Security Edge Protection Proxy, versions 22.3.1, 22.4.0 Oracle Communications Cloud Native
Core Security Edge Protection Proxy
Oracle Communications Cloud Native Core Unified Data Repository, versions 22.2.2, 22.2.3, 22.3.3, 22.3.4, 22.4.0 Oracle Communications Cloud Native Core Unified Data Repository
Oracle Communications Contacts Server, version 8.0.0.7.0 Oracle Communications Contacts Server
Oracle Communications Converged Application Server, versions 7.1.0, 8.0.0 Oracle Communications Converged Application Server
Oracle Communications Convergence, version 3.0.3.1.0 Oracle Communications Convergence
Oracle Communications Design Studio, version 7.4.2 Oracle Communications Design Studio
Oracle Communications Diameter Intelligence Hub, version 8.2.3.0 Oracle Communications Diameter Signaling Router
Oracle Communications Diameter Signaling Router, version 8.6.0.0 Oracle Communications Diameter Signaling Router
Oracle Communications Elastic Charging Engine, versions 12.0.0.3.0-12.0.0.7.0 Oracle Communications BRM - Elastic Charging Engine
Oracle Communications Instant Messaging Server, version 10.0.1.6.0 Oracle Communications Instant Messaging Server
Oracle Communications Messaging Server, version 8.1.0.20.0 Oracle Communications Messaging Server
Oracle Communications MetaSolv Solution, version 6.3.1 Oracle Communications MetaSolv Solution
Oracle Communications Order and Service Management, version 7.4.0 Oracle Communications Order and Service Management
Oracle Communications Performance Intelligence Center (PIC) Software, version 10.4.0.4.1 Oracle Communications Performance Intelligence Center (PIC) Software
Oracle Communications Pricing Design Center, versions 12.0.0.5.0-12.0.0.7.0 Oracle Communications Pricing Design Center
Oracle Communications Unified Assurance, versions 5.5.0-5.5.9, 6.0.0-6.0.1 Oracle Communications Unified Assurance
Oracle Communications Unified Inventory Management, versions 7.4.0-7.4.2, 7.5.0 Oracle Communications Unified Inventory Management
Oracle Database Server, versions 19c, 21c, [Perl] prior to 5.35 Database
Oracle Demantra Demand Management, versions 12.1, 12.2, 12.2.7, 12.2.8, 12.2.9, 12.2.10, 12.2.11, 12.2.12 Oracle Supply Chain Products
Oracle Documaker, versions 12.4.0-12.7.0 Oracle Insurance Applications
Oracle E-Business Suite, versions 12.2.3-12.2.12 Oracle E-Business Suite
Oracle Essbase, version 21.4 Database
Oracle Financial Services Crime and Compliance Management Studio, version 8.0.8.3.1 Oracle Financial Services Crime and Compliance Management Studio
Oracle Fusion Middleware MapViewer, version 12.2.1.4.0 Fusion Middleware
Oracle Global Lifecycle Management NextGen OUI Framework, versions prior to 13.9.4.2.11 Fusion Middleware
Oracle Global Lifecycle Management OPatchAuto, versions [DB] prior to 12.2.0.1.35 Global Lifecycle Management
Oracle GraalVM Enterprise Edition, versions 20.3.8, 21.3.4, 22.3.0 Java SE
Oracle Graph Server and Client, versions prior to 21.4.3, prior to 22.4.0, prior to 23.1.0 Database
Oracle Health Sciences Empirica Signal, versions 9.1.0.52, 9.2.0.52 Health Sciences
Oracle Healthcare Data Repository, versions 8.1.0.0-8.1.3.1 HealthCare Applications
Oracle Healthcare Translational Research, versions 4.1.0.0-4.1.1.1 HealthCare Applications
Oracle Hospitality Cruise Shipboard Property Management System, version 20.2.2 Oracle Hospitality Cruise Shipboard Property
Management System
Oracle Hospitality Gift and Loyalty, version 9.1.0 Oracle Hospitality Gift and Loyalty
Oracle Hospitality Labor Management, version 9.1.0 Oracle Hospitality Labor Management
Oracle Hospitality Reporting and Analytics, version 9.1.0 Oracle Hospitality Reporting and Analytics
Oracle Hospitality Simphony, versions 18.2.11, 19.3.4 Oracle Hospitality Simphony
Oracle HTTP Server, version 12.2.1.4.0 Fusion Middleware
Oracle Hyperion Infrastructure Technology, version 11.2.10 Oracle Enterprise Performance Management
Oracle Java SE, versions 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1 Java SE
Oracle Middleware Common Libraries and Tools, version 12.2.1.4.0 Fusion Middleware
Oracle Outside In Technology, version 8.5.6 Fusion Middleware
Oracle Retail Service Backbone, versions 14.1.3.2, 15.0.3.1, 16.0.3 Retail Applications
Oracle SD-WAN Aware, versions 8.2.1.9.0, 9.0.1.4.0 Oracle SD-WAN Aware
Oracle Solaris, versions 10, 11 Systems
Oracle Spatial Studio, versions prior to 22.3.0 Database
Oracle Stream Analytics, versions prior to 19.1.0.0.8 Database
Oracle TimesTen In-Memory Database, versions prior to 11.2.2.8.65 Database
Oracle Utilities Framework, versions 4.3.0.5.0, 4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0 Oracle Utilities Applications
Oracle Utilities Network Management System, versions 2.3.0.2, 2.4.0.1, 2.5.0.0-2.5.0.2 Oracle Utilities Applications
Oracle VM VirtualBox, versions prior to 6.1.42, prior to 7.0.6 Virtualization
Oracle Web Services Manager, version 12.2.1.4.0 Fusion Middleware
Oracle WebCenter Content, version 12.2.1.4.0 Fusion Middleware
Oracle WebCenter Sites, version 12.2.1.4.0 Fusion Middleware
Oracle WebLogic Server, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 Fusion Middleware
OSS Support Tools, versions 2.12.43, 22.2.22.4.5, 22.4.22.10.18 Oracle Support Tools
PeopleSoft Enterprise CC Common Application Objects, version 9.2 PeopleSoft
PeopleSoft Enterprise CS Academic Advisement, version 9.2 PeopleSoft
PeopleSoft Enterprise PeopleTools, versions 8.58, 8.59, 8.60 PeopleSoft
Primavera Gateway, versions 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10, 21.12.0-21.12.8 Oracle Construction and
Engineering Suite
Primavera Unifier, versions 18.8, 19.12, 20.12, 21.12, 22.12 Oracle Construction and Engineering Suite
Siebel Applications, versions 22.10 and prior Siebel
Fuente
CVE-2023-21839
CVE-2023-21832
CVE-2023-21846
CVE-2023-21847
CVE-2023-21861
CVE-2023-21891
CVE-2023-21892
CVE-2023-21885
CVE-2023-21889
CVE-2023-21898
CVE-2023-21899
CVE-2023-21894
CVE-2023-21886
CVE-2023-21883
CVE-2023-21888
CVE-2023-21835
CVE-2023-21841
CVE-2023-21843
CVE-2023-21829
CVE-2023-21834
CVE-2023-21827
CVE-2023-21890
CVE-2023-21838
CVE-2023-21884
CVE-2023-21830
CVE-2023-21837
CVE-2023-21872
CVE-2023-21878
CVE-2023-21879
CVE-2023-21880
CVE-2023-21881
CVE-2023-21893
CVE-2021-3737
CVE-2022-42003
CVE-2022-39429
CVE-2020-10735
CVE-2018-25032
CVE-2022-42004
CVE-2022-21597
CVE-2021-37750
CVE-2022-45047
CVE-2022-42889
CVE-2020-10878
CVE-2020-10543
CVE-2020-12723
CVE-2022-1122
CVE-2021-29338
CVE-2022-3171
CVE-2022-22970
CVE-2022-3509
CVE-2022-3510
CVE-2022-42252
CVE-2022-38752
CVE-2022-25857
CVE-2022-38749
CVE-2022-38750
CVE-2022-38751
CVE-2022-2274
CVE-2022-42915
CVE-2022-2068
CVE-2022-2097
CVE-2022-42916
CVE-2022-31129
CVE-2022-25647
CVE-2020-36518
CVE-2020-13956
CVE-2022-2048
CVE-2022-2047
CVE-2022-2191
CVE-2020-13920
CVE-2022-22971
CVE-2022-22950
CVE-2022-33980
CVE-2022-37434
CVE-2022-22965
CVE-2019-17571
CVE-2022-22978
CVE-2022-37454
CVE-2022-31692
CVE-2021-41411
CVE-2023-21848
CVE-2022-32212
CVE-2020-16156
CVE-2022-40150
CVE-2022-34917
CVE-2022-35737
CVE-2022-40146
CVE-2022-41720
CVE-2022-39271
CVE-2021-43797
CVE-2022-36055
CVE-2022-30126
CVE-2023-21824
CVE-2020-15250
CVE-2021-4104
CVE-2022-23302
CVE-2022-23305
CVE-2020-14392
CVE-2020-14393
CVE-2022-22976
CVE-2022-25169
CVE-2022-31690
CVE-2022-32213
CVE-2022-32214
CVE-2022-32215
CVE-2022-38398
CVE-2022-38648
CVE-2022-40149
CVE-2022-41717
CVE-2022-4200
CVE-2022-43403
CVE-2022-2526
CVE-2022-27404
CVE-2022-25315
CVE-2018-1273
CVE-2022-24407
CVE-2022-21824
CVE-2022-24903
CVE-2022-1304
CVE-2022-40304
CVE-2022-0492
CVE-2022-2509
CVE-2022-2053
CVE-2022-41881
CVE-2022-4147
CVE-2022-0084
CVE-2022-0934
CVE-2022-1319
CVE-2022-30293
CVE-2022-3028
CVE-2022-29824
CVE-2022-31629
CVE-2022-34305
CVE-2021-40528
CVE-2022-24823
CVE-2020-0466
CVE-2021-0920
CVE-2021-4155
CVE-2021-3629
CVE-2022-1259
CVE-2022-2764
CVE-2021-44531
CVE-2021-44532
CVE-2021-21290
CVE-2022-25235
CVE-2022-25236
CVE-2022-25313
CVE-2022-25314
CVE-2022-27405
CVE-2022-27406
CVE-2022-31625
CVE-2022-21499
CVE-2022-31626
CVE-2022-31627
CVE-2022-31628
CVE-2022-40303
CVE-2022-41915
CVE-2022-29885
CVE-2022-41853
CVE-2022-43404
CVE-2021-21708
CVE-2021-23358
CVE-2023-21849
CVE-2023-21858
CVE-2023-21857
CVE-2023-21856
CVE-2023-21852
CVE-2023-21851
CVE-2023-21853
CVE-2023-21855
CVE-2023-21854
CVE-2023-21825
CVE-2022-31813
CVE-2022-26377
CVE-2022-28614
CVE-2022-28615
CVE-2022-29404
CVE-2022-30522
CVE-2022-30556
CVE-2022-36033
CVE-2021-2351
CVE-2023-21828
CVE-2023-21826
CVE-2021-44832
CVE-2021-41184
CVE-2021-41182
CVE-2021-41183
CVE-2021-44228
CVE-2022-40664
CVE-2018-7489
CVE-2022-42920
CVE-2020-11987
CVE-2023-21862
CVE-2021-36770
CVE-2022-27782
CVE-2021-42717
CVE-2022-43680
CVE-2022-23457
CVE-2021-36090
CVE-2022-40153
CVE-2023-21842
CVE-2021-3181
CVE-2022-24329
CVE-2020-10693
CVE-2023-21859
CVE-2017-7536
CVE-2021-31811
CVE-2021-35515
CVE-2021-35516
CVE-2021-35517
CVE-2022-23307
CVE-2022-24891
CVE-2022-27778
CVE-2022-27779
CVE-2022-27780
CVE-2022-27781
CVE-2022-30115
CVE-2022-23308
CVE-2021-30641
CVE-2022-22721
CVE-2022-23221
CVE-2021-36483
CVE-2021-31805
CVE-2022-23437
CVE-2022-43548
CVE-2022-3602
CVE-2022-3786
CVE-2022-26336
CVE-2022-32221
CVE-2020-36242
CVE-2022-1941
CVE-2023-21868
CVE-2023-21860
CVE-2023-21875
CVE-2023-21869
CVE-2023-21877
CVE-2023-21871
CVE-2023-21836
CVE-2023-21887
CVE-2023-21863
CVE-2023-21864
CVE-2023-21865
CVE-2023-21866
CVE-2023-21867
CVE-2023-21870
CVE-2023-21873
CVE-2023-21876
CVE-2023-21840
CVE-2023-21882
CVE-2023-21874
CVE-2022-35260
CVE-2021-3918
CVE-2023-21844
CVE-2023-21845
CVE-2023-21831
CVE-2020-27844
CVE-2022-34169
CVE-2022-24839
CVE-2023-21850
CVE-2019-12415
CVE-2019-7317
CVE-2018-21010
CVE-2019-12973
CVE-2020-15389
CVE-2020-27814
CVE-2020-2784
CVE-2020-27842
CVE-2020-27843
CVE-2020-27845
CVE-2021-37533
CVE-2022-23219
CVE-2023-21900
CVE-2022-23218
CVE-2020-10683
CVE-2020-11979
CVE-2021-45105
CVE-2021-29425
CVE-2019-12402
Notificacion de vulnerabilidad en Cisco Prime Data Center Network Manager File Infomation - CVE-2015-0666