Oracle October 2019 Critical Patch Update Multiple Vulnerabilities

Risk

High

Date Discovered

October 11, 2019

Description

Oracle has released an advance notification regarding the October 2019 Critical Patch Update (CPU) to be released on October 15, 2019. The update addresses 240 vulnerabilities affecting the following software:

  • Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c
  • Oracle NoSQL Database, versions prior to 19.3.12
  • Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3
  • Primavera Gateway, versions 15.2, 16.2, 17.12, 18.8
  • Primavera P6 Enterprise Project Portfolio Management, versions 15.1.0-15.2.18, 16.1.0-16.2.18, 17.1.0-17.12.14, 18.1.0-18.8.13
  • Primavera Unifier, versions 16.1, 16.2, 17.7-17.12, 18.8
  • Oracle E-Business Suite, versions 12.1.1-12.1.3, 12.2.3-12.2.9
  • Enterprise Manager Base Platform, versions 13.2, 13.3
  • Enterprise Manager for Exadata, versions 12.1.0.6.0, 13.2.2.0.0, 13.2.3.0.0, 13.3.1.0.0, 13.3.2.0.0
  • Enterprise Manager Ops Center, versions 12.3.3, 12.4.0
  • Oracle Application Testing Suite, versions 13.2, 13.3
  • Oracle Banking Digital Experience, versions 18.1, 18.2, 18.3, 19.1
  • Oracle Banking Platform, versions 2.4.0, 2.4.1, 2.5.0, 2.6.0, 2.6.1, 2.7.0, 2.7.1
  • Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.2-8.0.8
  • Oracle Financial Services Enterprise Financial Performance Analytics, versions 8.0.6, 8.0.7
  • Oracle Financial Services Retail Performance Analytics, versions 8.0.6, 8.0.7
  • Oracle FLEXCUBE Direct Banking, versions 12.0.2, 12.0.3
  • Oracle Hospitality Materials Control, version 18.1
  • Oracle Hospitality Reporting and Analytics, version 9.1.0
  • Oracle Hospitality RES 3700, version 5.7
  • Oracle API Gateway, version 11.1.2.4.0
  • Oracle BI Publisher, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
  • Oracle Business Intelligence Enterprise Edition, versions 12.2.1.3.0, 12.2.1.4.0
  • Oracle Data Integrator, version 12.2.1.3.0
  • Oracle Enterprise Repository, version 12.1.3.0.0
  • Oracle Forms, version 12.2.1.3.0
  • Oracle GoldenGate Application Adapters, version 12.3.2.1.0
  • Oracle JDeveloper and ADF, versions 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.3.0
  • Oracle Outside In Technology, version 8.5.4
  • Oracle Service Bus, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0
  • Oracle SOA Suite, version 12.2.1.3.0
  • Oracle Virtual Directory, version 11.1.1.9.0
  • Oracle Web Services, version 12.2.1.3.0
  • Oracle WebCenter Portal, version 12.2.1.3.0
  • Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0
  • Oracle Healthcare Foundation, versions 7.1.1, 7.2.2
  • Oracle Healthcare Translational Research, versions 3.1.0, 3.2.1, 3.3.1
  • Oracle Hospitality Cruise Dining Room Management, version 8.0.80
  • Oracle Hospitality Guest Access, versions 4.2.0, 4.2.1
  • Hyperion Data Relationship Management, version 11.1.2.4
  • Hyperion Enterprise Performance Management Architect, version 11.1.2.4
  • Hyperion Financial Reporting, version 11.1.2.4
  • Oracle Java SE, versions 7u231, 8u221, 11.0.4, 13
  • Oracle Java SE Embedded, version 8u221
  • Oracle GraalVM Enterprise Edition, version 19.2.0
  • JD Edwards EnterpriseOne Tools, version 4.0.1.0
  • Oracle Knowledge, versions 8.6.0-8.6.3
  • MySQL Connectors, versions 5.3.13 and prior, 8.0.17 and prior
  • MySQL Enterprise Monitor, versions 8.0.17 and prior
  • MySQL Server, versions 5.6.45 and prior, 5.7.27 and prior, 8.17 and prior
  • MySQL Workbench, versions 8.0.17 and prior
  • PeopleSoft Enterprise HCM Human Resources, version 9.2
  • PeopleSoft Enterprise PeopleTools, versions 8.56, 8.57
  • PeopleSoft Enterprise SCM eProcurement, version 9.2
  • Oracle Policy Automation, versions 10.4.7, 12.1.0, 12.1.1, 12.2.0-12.2.15
  • Oracle Policy Automation Connector for Siebel, version 10.4.6
  • Oracle Policy Automation for Mobile Devices, versions 12.2.0-12.2.15
  • MICROS Relate CRM Software, versions 7.1.0, 11.4, 15.0.0, 16.0.0, 17.0.0, 18.0.0
  • MICROS Retail XBRi Loss Prevention, version 10.8.3
  • Oracle Retail Customer Insights, versions 15.0, 16.0
  • Oracle Retail Customer Management and Segmentation Foundation, version 17.0
  • Oracle Retail Integration Bus, versions 15.0, 16.0
  • Oracle Retail Xstore Office, version 7.1
  • Oracle Retail Xstore Point of Service, versions 7.1, 15.0, 16.0, 17.0, 17.0.3, 18.0, 18.0.1, 19.0.0
  • Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers, versions prior to XCP2361, prior to XCP3071
  • Oracle Solaris, versions 10, 11
  • Agile Recipe Management for Pharmaceuticals, versions 9.3.3, 9.3.4
  • Oracle Agile PLM, versions 9.3.3-9.3.6
  • Oracle Agile Product Lifecycle Management for Process, versions 6.2.0.0, 6.2.1.0, 6.2.2.0, 6.2.3.0
  • Diagnostic Assistant, version 2.12.36
  • Oracle Clusterware, version 19.0.0.0.0
  • Oracle Secure Global Desktop, versions 5.4, 5.5
  • Oracle VM VirtualBox, versions prior to 5.2.34, prior to 6.0.14

Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system.

Technologies Affected

  • Oracle ADF 11.1.1.9.0
  • Oracle ADF 11.1.2.4.0
  • Oracle ADF 12.1.3.0.0
  • Oracle ADF 12.2.1.3.0
  • Oracle API Gateway 11.1.2.4.0
  • Oracle Agile PLM 9.3.3
  • Oracle Agile PLM 9.3.4
  • Oracle Agile PLM 9.3.5
  • Oracle Agile PLM 9.3.6
  • Oracle Agile Product Lifecycle Management for Process 6.2.0.0
  • Oracle Agile Product Lifecycle Management for Process 6.2.1.0
  • Oracle Agile Product Lifecycle Management for Process 6.2.2.0
  • Oracle Agile Product Lifecycle Management for Process 6.2.3.0
  • Oracle Agile Recipe Management for Pharmaceuticals 9.3.3
  • Oracle Agile Recipe Management for Pharmaceuticals 9.3.4
  • Oracle Application Testing Suite 13.2
  • Oracle Application Testing Suite 13.3
  • Oracle BI Publisher 11.1.1.9.0
  • Oracle BI Publisher 12.2.1.3.0
  • Oracle BI Publisher 12.2.1.4.0
  • Oracle Banking Digital Experience 18.1
  • Oracle Banking Digital Experience 18.2
  • Oracle Banking Digital Experience 18.3
  • Oracle Banking Digital Experience 19.1
  • Oracle Banking Platform 2.4.0
  • Oracle Banking Platform 2.4.1
  • Oracle Banking Platform 2.5.0
  • Oracle Banking Platform 2.6.0
  • Oracle Banking Platform 2.6.1
  • Oracle Banking Platform 2.7.0
  • Oracle Banking Platform 2.7.1
  • Oracle Business Intelligence Enterprise Edition 12.2.1.3.0
  • Oracle Business Intelligence Enterprise Edition 12.2.1.4.0
  • Oracle Clusterware 19.0.0.0.0
  • Oracle Data Integrator 12.2.1.3.0
  • Oracle Database Server 11.2.0.4.0
  • Oracle Database Server 12.1.0.2
  • Oracle Database Server 12.2.0.1
  • Oracle Database Server 18c
  • Oracle Database Server 19c
  • Oracle Diagnostic Assistant 2.12.36
  • Oracle E-Business Suite 12.1.1
  • Oracle E-Business Suite 12.1.2
  • Oracle E-Business Suite 12.1.3
  • Oracle E-Business Suite 12.2.3
  • Oracle E-Business Suite 12.2.4
  • Oracle E-Business Suite 12.2.5
  • Oracle E-Business Suite 12.2.6
  • Oracle E-Business Suite 12.2.7
  • Oracle E-Business Suite 12.2.8
  • Oracle E-Business Suite 12.2.9
  • Oracle Enterprise Manager Base Platform 13.2
  • Oracle Enterprise Manager Base Platform 13.3
  • Oracle Enterprise Manager Ops Center 12.3.3
  • Oracle Enterprise Manager Ops Center 12.4.0
  • Oracle Enterprise Manager for Exadata 12.1.0.6.0
  • Oracle Enterprise Manager for Exadata 13.2.2.0.0
  • Oracle Enterprise Manager for Exadata 13.2.3.0.0
  • Oracle Enterprise Manager for Exadata 13.3.1.0.0
  • Oracle Enterprise Manager for Exadata 13.3.2.0.0
  • Oracle Enterprise Repository 12.1.3.0.0
  • Oracle FLEXCUBE Direct Banking 12.0.2
  • Oracle FLEXCUBE Direct Banking 12.0.3
  • Oracle Financial Services Analytical Applications Infrastructure 8.0.2
  • Oracle Financial Services Analytical Applications Infrastructure 8.0.3
  • Oracle Financial Services Analytical Applications Infrastructure 8.0.4
  • Oracle Financial Services Analytical Applications Infrastructure 8.0.5
  • Oracle Financial Services Analytical Applications Infrastructure 8.0.6
  • Oracle Financial Services Analytical Applications Infrastructure 8.0.7
  • Oracle Financial Services Analytical Applications Infrastructure 8.0.8
  • Oracle Financial Services Enterprise Financial Performance Analytics 8.0.6
  • Oracle Financial Services Enterprise Financial Performance Analytics 8.0.7
  • Oracle Financial Services Retail Performance Analytics 8.0.6
  • Oracle Financial Services Retail Performance Analytics 8.0.7
  • Oracle Forms 12.2.1.3.0
  • Oracle Fujitsu M10-1 Server XCP 2230
  • Oracle Fujitsu M10-1 Server XCP 2271
  • Oracle Fujitsu M10-1 Server XCP 2280
  • Oracle Fujitsu M10-1 Server XCP 2290
  • Oracle Fujitsu M10-1 Server XCP 2320
  • Oracle Fujitsu M10-4 Server XCP 2230
  • Oracle Fujitsu M10-4 Server XCP 2271
  • Oracle Fujitsu M10-4 Server XCP 2280
  • Oracle Fujitsu M10-4 Server XCP 2290
  • Oracle Fujitsu M10-4 Server XCP 2320
  • Oracle Fujitsu M10-4S Server XCP 2230
  • Oracle Fujitsu M10-4S Server XCP 2271
  • Oracle Fujitsu M10-4S Server XCP 2280
  • Oracle Fujitsu M10-4S Server XCP 2290
  • Oracle Fujitsu M10-4S Server XCP 2320
  • Oracle Fujitsu M12-1 Server XCP 2230
  • Oracle Fujitsu M12-1 Server XCP 2290
  • Oracle Fujitsu M12-1 Server XCP 2320
  • Oracle Fujitsu M12-1 Server XCP 3000
  • Oracle Fujitsu M12-2 Server XCP 2230
  • Oracle Fujitsu M12-2 Server XCP 2290
  • Oracle Fujitsu M12-2 Server XCP 2320
  • Oracle Fujitsu M12-2 Server XCP 3000
  • Oracle Fujitsu M12-2S Server XCP 2230
  • Oracle Fujitsu M12-2S Server XCP 2290
  • Oracle Fujitsu M12-2S Server XCP 2320
  • Oracle Fujitsu M12-2S Server XCP 3000
  • Oracle GoldenGate Application Adapters 12.3.2.1.0
  • Oracle GraalVM Enterprise Edition 19.2.0
  • Oracle Healthcare Foundation 7.1.1
  • Oracle Healthcare Foundation 7.2.2
  • Oracle Healthcare Translational Research 3.1.0
  • Oracle Healthcare Translational Research 3.2.1
  • Oracle Healthcare Translational Research 3.3.1
  • Oracle Hospitality Cruise Dining Room Management 8.0.80
  • Oracle Hospitality Guest Access 4.2.0
  • Oracle Hospitality Guest Access 4.2.1
  • Oracle Hospitality Materials Control 18.1
  • Oracle Hospitality RES 3700 5.7
  • Oracle Hospitality Reporting and Analytics 9.1.0
  • Oracle Hyperion Data Relationship Management 11.1.2.4
  • Oracle Hyperion Enterprise Performance Management Architect 11.1.2.4
  • Oracle Hyperion Financial Reporting 11.1.2.4
  • Oracle Instantis EnterpriseTrack 17.1
  • Oracle Instantis EnterpriseTrack 17.2
  • Oracle Instantis EnterpriseTrack 17.3
  • Oracle JD Edwards EnterpriseOne Tools 4.0.1.0
  • Oracle JDeveloper 11.1.1.9.0
  • Oracle JDeveloper 11.1.2.4.0
  • Oracle JDeveloper 12.1.3.0.0
  • Oracle JDeveloper 12.2.1.3.0
  • Oracle Java SE 11.0.4
  • Oracle Java SE 13
  • Oracle Java SE 7u231
  • Oracle Java SE 8u221
  • Oracle Java SE Embedded 8u221
  • Oracle Knowledge 8.6.0
  • Oracle Knowledge 8.6.1
  • Oracle Knowledge 8.6.3
  • Oracle MICROS Relate CRM Software 11.4
  • Oracle MICROS Relate CRM Software 15.0.0
  • Oracle MICROS Relate CRM Software 16.0.0
  • Oracle MICROS Relate CRM Software 17.0.0
  • Oracle MICROS Relate CRM Software 18.0.0
  • Oracle MICROS Relate CRM Software 7.1.0
  • Oracle MICROS Retail XBRi Loss Prevention 10.8.3
  • Oracle MySQL Connectors 5.3.10
  • Oracle MySQL Connectors 5.3.12
  • Oracle MySQL Connectors 5.3.13
  • Oracle MySQL Connectors 8.0.11
  • Oracle MySQL Connectors 8.0.12
  • Oracle MySQL Connectors 8.0.13
  • Oracle MySQL Connectors 8.0.15
  • Oracle MySQL Connectors 8.0.17
  • Oracle MySQL Enterprise Monitor 2.3
  • Oracle MySQL Enterprise Monitor 2.3.13
  • Oracle MySQL Enterprise Monitor 2.3.14
  • Oracle MySQL Enterprise Monitor 2.3.15
  • Oracle MySQL Enterprise Monitor 2.3.16
  • Oracle MySQL Enterprise Monitor 2.3.19
  • Oracle MySQL Enterprise Monitor 2.3.20
  • Oracle MySQL Enterprise Monitor 3.0
  • Oracle MySQL Enterprise Monitor 3.0.0
  • Oracle MySQL Enterprise Monitor 3.0.10
  • Oracle MySQL Enterprise Monitor 3.0.18
  • Oracle MySQL Enterprise Monitor 3.0.20
  • Oracle MySQL Enterprise Monitor 3.0.22
  • Oracle MySQL Enterprise Monitor 3.0.25
  • Oracle MySQL Enterprise Monitor 3.0.4
  • Oracle MySQL Enterprise Monitor 3.0.8
  • Oracle MySQL Enterprise Monitor 3.0.9
  • Oracle MySQL Enterprise Monitor 3.1.2
  • Oracle MySQL Enterprise Monitor 3.1.3.7856
  • Oracle MySQL Enterprise Monitor 3.1.4.7895
  • Oracle MySQL Enterprise Monitor 3.1.5.7958
  • Oracle MySQL Enterprise Monitor 3.1.6.8003
  • Oracle MySQL Enterprise Monitor 3.2.1.1049
  • Oracle MySQL Enterprise Monitor 3.2.1182
  • Oracle MySQL Enterprise Monitor 3.2.4.1102
  • Oracle MySQL Enterprise Monitor 3.2.5.1141
  • Oracle MySQL Enterprise Monitor 3.2.7.1204
  • Oracle MySQL Enterprise Monitor 3.2.8.2223
  • Oracle MySQL Enterprise Monitor 3.3.0.1098
  • Oracle MySQL Enterprise Monitor 3.3.2.1162
  • Oracle MySQL Enterprise Monitor 3.3.3.1199
  • Oracle MySQL Enterprise Monitor 3.3.4.3247
  • Oracle MySQL Enterprise Monitor 3.3.6.3293
  • Oracle MySQL Enterprise Monitor 3.3.7.3306
  • Oracle MySQL Enterprise Monitor 3.4.0
  • Oracle MySQL Enterprise Monitor 3.4.1
  • Oracle MySQL Enterprise Monitor 3.4.2.4181
  • Oracle MySQL Enterprise Monitor 3.4.4.4226
  • Oracle MySQL Enterprise Monitor 3.4.5.4248
  • Oracle MySQL Enterprise Monitor 3.4.7.4297
  • Oracle MySQL Enterprise Monitor 3.4.9.4237
  • Oracle MySQL Enterprise Monitor 4.0.0.5135
  • Oracle MySQL Enterprise Monitor 4.0.2.5168
  • Oracle MySQL Enterprise Monitor 4.0.4.5235
  • Oracle MySQL Enterprise Monitor 4.0.6.5281
  • Oracle MySQL Enterprise Monitor 4.0.7
  • Oracle MySQL Enterprise Monitor 4.0.8
  • Oracle MySQL Enterprise Monitor 4.0.9
  • Oracle MySQL Enterprise Monitor 8.0.0.8131
  • Oracle MySQL Enterprise Monitor 8.0.13
  • Oracle MySQL Enterprise Monitor 8.0.14
  • Oracle MySQL Enterprise Monitor 8.0.17
  • Oracle MySQL Enterprise Monitor 8.0.2.8191
  • Oracle MySQL Server 5.6
  • Oracle MySQL Server 5.6.15
  • Oracle MySQL Server 5.6.16
  • Oracle MySQL Server 5.6.20
  • Oracle MySQL Server 5.6.21
  • Oracle MySQL Server 5.6.22
  • Oracle MySQL Server 5.6.23
  • Oracle MySQL Server 5.6.24
  • Oracle MySQL Server 5.6.25
  • Oracle MySQL Server 5.6.26
  • Oracle MySQL Server 5.6.27
  • Oracle MySQL Server 5.6.28
  • Oracle MySQL Server 5.6.29
  • Oracle MySQL Server 5.6.30
  • Oracle MySQL Server 5.6.33
  • Oracle MySQL Server 5.6.34
  • Oracle MySQL Server 5.6.35
  • Oracle MySQL Server 5.6.36
  • Oracle MySQL Server 5.6.37
  • Oracle MySQL Server 5.6.38
  • Oracle MySQL Server 5.6.39
  • Oracle MySQL Server 5.6.40
  • Oracle MySQL Server 5.6.41
  • Oracle MySQL Server 5.6.42
  • Oracle MySQL Server 5.6.43
  • Oracle MySQL Server 5.6.44
  • Oracle MySQL Server 5.6.45
  • Oracle MySQL Server 5.7.0
  • Oracle MySQL Server 5.7.12
  • Oracle MySQL Server 5.7.15
  • Oracle MySQL Server 5.7.16
  • Oracle MySQL Server 5.7.17
  • Oracle MySQL Server 5.7.18
  • Oracle MySQL Server 5.7.19
  • Oracle MySQL Server 5.7.20
  • Oracle MySQL Server 5.7.21
  • Oracle MySQL Server 5.7.22
  • Oracle MySQL Server 5.7.23
  • Oracle MySQL Server 5.7.24
  • Oracle MySQL Server 5.7.25
  • Oracle MySQL Server 5.7.26
  • Oracle MySQL Server 5.7.27
  • Oracle MySQL Server 8.17
  • Oracle MySQL Workbench 8.0.11
  • Oracle MySQL Workbench 8.0.13
  • Oracle MySQL Workbench 8.0.16
  • Oracle MySQL Workbench 8.0.17
  • Oracle NoSQL Database
  • Oracle Outside In Technology 8.5.4
  • Oracle PeopleSoft Enterprise HCM Human Resources 9.2
  • Oracle PeopleSoft Enterprise PeopleTools 8.56
  • Oracle PeopleSoft Enterprise PeopleTools 8.57
  • Oracle PeopleSoft Enterprise SCM eProcurement 9.2
  • Oracle Policy Automation 10.4.7
  • Oracle Policy Automation 12.1.0
  • Oracle Policy Automation 12.1.1
  • Oracle Policy Automation 12.2.0
  • Oracle Policy Automation 12.2.1
  • Oracle Policy Automation 12.2.10
  • Oracle Policy Automation 12.2.15
  • Oracle Policy Automation 12.2.2
  • Oracle Policy Automation 12.2.3
  • Oracle Policy Automation 12.2.7
  • Oracle Policy Automation 12.2.8
  • Oracle Policy Automation 12.2.9
  • Oracle Policy Automation Connector for Siebel 10.4.6
  • Oracle Policy Automation for Mobile Devices 12.2.0
  • Oracle Policy Automation for Mobile Devices 12.2.10
  • Oracle Policy Automation for Mobile Devices 12.2.15
  • Oracle Policy Automation for Mobile Devices 12.2.4
  • Oracle Policy Automation for Mobile Devices 12.2.5
  • Oracle Policy Automation for Mobile Devices 12.2.6
  • Oracle Policy Automation for Mobile Devices 12.2.7
  • Oracle Policy Automation for Mobile Devices 12.2.8
  • Oracle Policy Automation for Mobile Devices 12.2.9
  • Oracle Primavera Gateway 15.2
  • Oracle Primavera Gateway 16.2
  • Oracle Primavera Gateway 17.12
  • Oracle Primavera Gateway 18.8
  • Oracle Primavera P6 Enterprise Project Portfolio Management 15.1
  • Oracle Primavera P6 Enterprise Project Portfolio Management 15.2
  • Oracle Primavera P6 Enterprise Project Portfolio Management 15.2.18
  • Oracle Primavera P6 Enterprise Project Portfolio Management 16.1
  • Oracle Primavera P6 Enterprise Project Portfolio Management 16.2
  • Oracle Primavera P6 Enterprise Project Portfolio Management 16.2.18
  • Oracle Primavera P6 Enterprise Project Portfolio Management 17.1
  • Oracle Primavera P6 Enterprise Project Portfolio Management 17.12
  • Oracle Primavera P6 Enterprise Project Portfolio Management 17.12.14
  • Oracle Primavera P6 Enterprise Project Portfolio Management 18.1.0
  • Oracle Primavera P6 Enterprise Project Portfolio Management 18.8
  • Oracle Primavera P6 Enterprise Project Portfolio Management 18.8.13
  • Oracle Primavera Unifier 16.1
  • Oracle Primavera Unifier 16.2
  • Oracle Primavera Unifier 17.12
  • Oracle Primavera Unifier 17.7
  • Oracle Primavera Unifier 18.8
  • Oracle Retail Customer Insights 15.0
  • Oracle Retail Customer Insights 16.0
  • Oracle Retail Customer Management and Segmentation Foundation 17.0
  • Oracle Retail Integration Bus 15.0
  • Oracle Retail Integration Bus 16.0
  • Oracle Retail Xstore Office 7.1
  • Oracle Retail Xstore Point of Service 15.0
  • Oracle Retail Xstore Point of Service 16.0
  • Oracle Retail Xstore Point of Service 17.0
  • Oracle Retail Xstore Point of Service 17.0.3
  • Oracle Retail Xstore Point of Service 18.0
  • Oracle Retail Xstore Point of Service 18.0.1
  • Oracle Retail Xstore Point of Service 19.0.0
  • Oracle Retail Xstore Point of Service 7.1
  • Oracle SOA Suite 12.2.1.3.0
  • Oracle Secure Global Desktop 5.4
  • Oracle Secure Global Desktop 5.5
  • Oracle Service Bus 11.1.1.9.0
  • Oracle Service Bus 12.1.3.0.0
  • Oracle Service Bus 12.2.1.3.0
  • Oracle Siebel Applications 16.0
  • Oracle Siebel Applications 16.1
  • Oracle Siebel Applications 17.0
  • Oracle Siebel Applications 18.0
  • Oracle Siebel Applications 18.10
  • Oracle Siebel Applications 18.11
  • Oracle Siebel Applications 18.12
  • Oracle Siebel Applications 18.7
  • Oracle Siebel Applications 18.8
  • Oracle Siebel Applications 18.9
  • Oracle Siebel Applications 19.0
  • Oracle Siebel Applications 19.3
  • Oracle Siebel Applications 19.8
  • Oracle Siebel Applications 6.1
  • Oracle Siebel Applications 6.2
  • Oracle Siebel Applications 7.0
  • Oracle Siebel Applications 7.1
  • Oracle Siebel Applications 8.1
  • Oracle Siebel Applications 8.1.1
  • Oracle Siebel Applications 8.2
  • Oracle Siebel Applications 8.2.2
  • Oracle Siebel Applications 8.5
  • Oracle Solaris 10
  • Oracle Solaris 11
  • Oracle VM VirtualBox 5.2.0
  • Oracle VM VirtualBox 5.2.10
  • Oracle VM VirtualBox 5.2.16
  • Oracle VM VirtualBox 5.2.18
  • Oracle VM VirtualBox 5.2.2
  • Oracle VM VirtualBox 5.2.20
  • Oracle VM VirtualBox 5.2.22
  • Oracle VM VirtualBox 5.2.24
  • Oracle VM VirtualBox 5.2.25
  • Oracle VM VirtualBox 5.2.26
  • Oracle VM VirtualBox 5.2.28
  • Oracle VM VirtualBox 5.2.32
  • Oracle VM VirtualBox 5.2.4
  • Oracle VM VirtualBox 6.0.0
  • Oracle VM VirtualBox 6.0.10
  • Oracle VM VirtualBox 6.0.2
  • Oracle VM VirtualBox 6.0.4
  • Oracle VM VirtualBox 6.0.6
  • Oracle Virtual Directory 11.1.1.9.0
  • Oracle Web Services 12.2.1.3.0
  • Oracle WebCenter Portal 12.2.1.3.0
  • Oracle Weblogic Server 10.3.6.0.0
  • Oracle Weblogic Server 12.1.3.0.0
  • Oracle Weblogic Server 12.2.1.3.0

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Only allow trusted users to have local interactive access to the affected computer.

Block external access at the network boundary, unless external parties require service.
If global access isn't needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from a successful exploit.

Implement multiple redundant layers of security.
As an added precaution, deploy memory-protection schemes (such as nonexecutable stack/heap configuration and randomly mapped memory segments). This may complicate exploits of memory-corruption vulnerabilities.

Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, run applications with the minimal amount of privileges required for functionality.

The vendor planned to release updates to address these issues on October 15, 2019. Please see the references for more information.

References

Credits

Oracle


© 1995- Symantec Corporation

Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Security Response. Reprinting the whole or part of this alert in any medium other than electronically requires permission from secure@symantec.com.

Disclaimer

The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

Symantec, Symantec products, Symantec Security Response, and secure@symantec.com are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.