9VSA23-00774-01 CSIRT shares report on vulnerabilities patched by Oracle in its January 2023 Critical Patch Update

Summary

The Government CSIRT shares information on vulnerabilities affecting several Oracle products, which were patched and announced by the company as part of its January 2023 security update (Oracle Critical Patch Update Advisory – January 2023).

Vulnerabilities

CVE-2018-1273

CVE-2018-25032

CVE-2018-7489

CVE-2019-12415

CVE-2019-17571

CVE-2019-7317

CVE-2020-10683

CVE-2020-10693

CVE-2020-10735

CVE-2020-11979

CVE-2020-11987

CVE-2020-13956

CVE-2020-16156

CVE-2020-27844

CVE-2020-36242

CVE-2020-36518

CVE-2021-23358

CVE-2021-2351

CVE-2021-29425

CVE-2021-31805

CVE-2021-31812

CVE-2021-36090

CVE-2021-36483

CVE-2021-36770

CVE-2021-3737

CVE-2021-37533

CVE-2021-3918

CVE-2021-40528

CVE-2021-41184

CVE-2021-41411

CVE-2021-42717

CVE-2021-43797

CVE-2021-44832

CVE-2021-45105

CVE-2022-0084

CVE-2022-0492

CVE-2022-0934

CVE-2022-1122

CVE-2022-1304

CVE-2022-1319

CVE-2022-1941

CVE-2022-2048

CVE-2022-2053

CVE-2022-21824

CVE-2022-2274

CVE-2022-22965

CVE-2022-22970

CVE-2022-22971

CVE-2022-22978

CVE-2022-23219

CVE-2022-23221

CVE-2022-23305

CVE-2022-23437

CVE-2022-23457

CVE-2022-24329

CVE-2022-24407

CVE-2022-24823

CVE-2022-24839

CVE-2022-24903

CVE-2022-2509

CVE-2022-25236

CVE-2022-2526

CVE-2022-25315

CVE-2022-25647

CVE-2022-25857

CVE-2022-26336

CVE-2022-27404

CVE-2022-27782

CVE-2022-29824

CVE-2022-30126

CVE-2022-3028

CVE-2022-30293

CVE-2022-31129

CVE-2022-31629

CVE-2022-31692

CVE-2022-3171

CVE-2022-31813

CVE-2022-32212

CVE-2022-32221

CVE-2022-33980

CVE-2022-34169

CVE-2022-34305

CVE-2022-34917

CVE-2022-3510

CVE-2022-35737

CVE-2022-36033

CVE-2022-36055

CVE-2022-37434

CVE-2022-37454

CVE-2022-38752

CVE-2022-39271

CVE-2022-39429

CVE-2022-40146

CVE-2022-40149

CVE-2022-40150

CVE-2022-40153

CVE-2022-40304

CVE-2022-40664

CVE-2022-4147

CVE-2022-41720

CVE-2022-41881

CVE-2022-42003

CVE-2022-42252

CVE-2022-42889

CVE-2022-42915

CVE-2022-42920

CVE-2022-43403

CVE-2022-43548

CVE-2022-43680

CVE-2022-45047

CVE-2023-21824

CVE-2023-21825

CVE-2023-21826

CVE-2023-21827

CVE-2023-21828

CVE-2023-21829

CVE-2023-21830

CVE-2023-21831

CVE-2023-21832

CVE-2023-21834

CVE-2023-21835

CVE-2023-21836

CVE-2023-21837

CVE-2023-21838

CVE-2023-21839

CVE-2023-21840

CVE-2023-21841

CVE-2023-21842

CVE-2023-21843

CVE-2023-21844

CVE-2023-21845

CVE-2023-21846

CVE-2023-21847

CVE-2023-21848

CVE-2023-21849

CVE-2023-21850

CVE-2023-21851

CVE-2023-21852

CVE-2023-21853

CVE-2023-21854

CVE-2023-21855

CVE-2023-21856

CVE-2023-21857

CVE-2023-21858

CVE-2023-21859

CVE-2023-21860

CVE-2023-21861

CVE-2023-21862

CVE-2023-21863

CVE-2023-21864

CVE-2023-21865

CVE-2023-21866

CVE-2023-21867

CVE-2023-21868

CVE-2023-21869

CVE-2023-21870

CVE-2023-21871

CVE-2023-21872

CVE-2023-21873

CVE-2023-21874

CVE-2023-21875

CVE-2023-21876

CVE-2023-21877

CVE-2023-21878

CVE-2023-21879

CVE-2023-21880

CVE-2023-21881

CVE-2023-21882

CVE-2023-21883

CVE-2023-21884

CVE-2023-21885

CVE-2023-21886

CVE-2023-21887

CVE-2023-21888

CVE-2023-21889

CVE-2023-21890

CVE-2023-21891

CVE-2023-21892

CVE-2023-21893

CVE-2023-21894

CVE-2023-21898

CVE-2023-21899

CVE-2023-21900

CVE-2021-21708

CVE-2022-2047

CVE-2022-21597

CVE-2022-2191

CVE-2022-22950

CVE-2022-38749

CVE-2022-38750

CVE-2022-38751

CVE-2022-42004

Impact

Critical-risk vulnerabilities

CVE-2022-2274: Easily exploitable vulnerability in the Essbase Web Platform (OpenSSL) component of Oracle Essbase 21.4 and in the Siebel CRM product of Oracle Siebel CRM 22.10. It allows an unauthenticated attacker with network access via HTTPS to compromise Oracle Essbase or Oracle Siebel CRM 22.1.0, as applicable.

CVE-2022-22965: Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce 11.3.2. Easily exploitable, it allows an unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search.

CVE-2022-42889: Vulnerability in several products of Oracle Communications Applications, Oracle Fusion Middleware, Oracle Hyperion, Oracle JD Edwards, Oracle Utilities Applications and Oracle Database Server. Easily exploitable, it allows an unauthenticated attacker with network access via HTTPS to compromise those products.

CVE-2022-33980: Easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise several products of Oracle Financial Services Applications, the Oracle Communications Elastic Charging Engine product of Oracle Communications Applications 12.0.0.5.0-12.0.0.7.0, the Oracle Banking Party Management, Oracle Financial Services Crime and Compliance Management Studio and Oracle Banking Enterprise Default Management products of Oracle Financial Services Applications 2.7.0, and the Oracle Communications Elastic Charging Engine product of Oracle Communications Applications 12.0.0.5.0-12.0.0.7.0 and 8.0.8.3.1. Easily exploitable, it allows an unauthenticated attacker with network access via HTTPS to compromise the respective products mentioned.

CVE-2019-17571: Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications 5.5.0-5.5.9 and 6.0.0-6.0.1. Easily exploitable, it allows an unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance.

CVE-2022-22978: Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications 5.5.0-5.5.9 and 6.0.0-6.0.1. Easily exploitable, it allows an unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance.

CVE-2022-37454: Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications 5.5.0-5.5.9. Easily exploitable, it allows an unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance.

CVE-2022-31692: Vulnerability in Oracle Communications products 22.3.0 and 22.3.1 and in the MySQL Enterprise Monitor product of Oracle MySQL 8.0.32 and earlier. Easily exploitable, it allows an unauthenticated attacker with network access via HTTPS to compromise Oracle Communications products and MySQL Enterprise Monitor.

CVE-2021-41411: Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications 7.4.0, 7.4.1, 7.4.2 and 7.5.0. Easily exploitable, it allows an unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Inventory Management products.

CVE-2022-43403: Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications 22.3.3. Easily exploitable, it allows a low-privileged attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Unified Data Repository.

CVE-2022-2526: Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications 22.2.2, 22.3.1 and 22.4.0. Easily exploitable, it allows an unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Automated Test Suite.

CVE-2022-27404: Vulnerability in several products of Oracle Communications 22.2.1 and 22.3.0, and Oracle Fusion Middleware 8.5.6. Easily exploitable, it allows an unauthenticated attacker with network access via HTTPS to compromise Oracle Communications and Oracle Fusion Middleware.

CVE-2022-25315: Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications 22.2.4. Easily exploitable, it allows an unauthenticated attacker with network access via HTTPS to compromise Oracle Communications.

CVE-2022-42915: Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications 22.1.1. Easily exploitable, it allows an unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Binding Support Function.

CVE-2022-37434: Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications 22.1.1, the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications 22.3.1, the Oracle Communications Diameter Signaling Router product of Oracle Communications 8.6.0.0, the Oracle Outside In Technology product of Oracle Fusion Middleware 8.5.6, the MySQL Workbench product of Oracle MySQL 8.0.31, the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft 8.58, 8.59 and 8.60, and in Oracle TimesTen In-Memory Database, versions prior to 11.2.2.8.65. Easily exploitable, it allows an unauthenticated attacker with network access via HTTPS to compromise the respective products mentioned.

CVE-2018-1273: Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications 22.2.0 and the Oracle Healthcare Data Repository product of Oracle HealthCare Applications 8.1.0.0-8.1.3.1. Easily exploitable, it allows an unauthenticated attacker with network access via HTTPS to compromise the respective products mentioned.

CVE-2022-45047: Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware 14.1.1.0.0, Oracle Global Lifecycle Management NextGen OUI Framework of Oracle Fusion Middleware 13.9.4.2.11, Middleware Common Libraries and Tools of Oracle Fusion Middleware 12.2.1.4.0 and 14.1.1.0.0, and in the OSS Support Tools products of Oracle Support Tools 2.12.43, 22.4.22.10.18 and 22.2.22.4.5. Easily exploitable, it allows an unauthenticated attacker with network access via SSH or HTTPS (depending on the product) to compromise those products.

CVE-2022-23305: Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable, it allows an unauthenticated attacker with network access via HTTPS to compromise Oracle Coherence.

CVE-2022-25236: Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware 12.2.1.4.0. Easily exploitable, it allows an unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server.

CVE-2022-31813: Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware 12.2.1.4.0. Easily exploitable, it allows an unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server.

CVE-2022-40664: Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware 12.2.1.4.0. Easily exploitable, it allows an unauthenticated attacker with network access via HTTPS to compromise Oracle WebCenter Sites.

CVE-2018-7489: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable, it allows an unauthenticated attacker with network access via HTTPS to compromise Oracle WebLogic Server.

CVE-2022-42920: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable, it allows an unauthenticated attacker with network access via HTTPS to compromise Oracle WebLogic Server.

CVE-2022-23457: Vulnerability in the Oracle Health Sciences Empirica Signal product of Oracle Health Sciences Applications 9.1.0.52 and 9.2.0.52 and the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware 12.2.1.4.0. Easily exploitable, it allows an unauthenticated attacker with network access via HTTPS to compromise Oracle Health Sciences Empirica Signal and Oracle Middleware Common Libraries and Tools.

CVE-2022-23221: Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications 4.1.0.0-4.1.1.1. Easily exploitable, it allows an unauthenticated attacker with network access via HTTPS to compromise Oracle Healthcare Translational Research.

CVE-2021-31805: Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion 11.2.10. Easily exploitable, it allows an unauthenticated attacker with network access via HTTPS to compromise Oracle Hyperion Infrastructure Technology.

CVE-2022-32221: Vulnerability in the Oracle MySQL Server product of Oracle MySQL 5.7.40 and earlier and 8.0.31 and earlier. Easily exploitable, it allows an unauthenticated attacker with network access via HTTPS to compromise MySQL Server.

CVE-2020-36242: Vulnerability in the MySQL Shell product of Oracle MySQL 8.0.31. Easily exploitable, it allows an unauthenticated attacker with network access via multiple protocols to compromise MySQL Shell.

CVE-2021-3918: Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft 9.2 and the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft 8.58, 8.59 and 8.60. Easily exploitable, it allows an unauthenticated attacker with network access via HTTPS to compromise PeopleSoft Enterprise CC Common Application Objects and PeopleSoft Enterprise PeopleTools.

CVE-2022-23219: Vulnerability in the Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers product of Oracle Systems prior to XCP2411, XCP3111 and XCP4011. Easily exploitable, it allows an unauthenticated attacker with network access via HTTPS to compromise Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers.

CVE-2020-10683: Vulnerability in the Oracle Utilities Network Management System product of Oracle Utilities Applications 2.3.0.2, 2.4.0.1, 2.5.0.0, 2.5.0.1 and 2.5.0.2. Easily exploitable, it allows an unauthenticated attacker with network access via HTTPS to compromise Oracle Utilities Network Management System.

Mitigation

Install the respective updates provided by the vendor.

Affected products

| Product | Supported Versions Affected |
|---|---|
| Enterprise Manager Base Platform | 13.4.0.0, 13.5.0.0 |
| Enterprise Manager Ops Center | 12.4.0.0 |
| Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers | Prior to XCP2411, prior to XCP3111, prior to XCP4011 |
| GoldenGate Stream Analytics | Prior to 19.1.0.0.8 |
| Java VM | 19c, 21c |
| JD Edwards EnterpriseOne Orchestrator | Prior to 9.2.7.2 |
| JD Edwards EnterpriseOne Tools | Prior to 9.2.7.2 |
| Management Cloud Engine | 22.1.0.0.0 |
| Middleware Common Libraries and Tools | 12.2.1.4.0, 14.1.1.0.0 |
| MySQL Cluster | 7.4.38 and prior, 7.5.28 and prior, 7.6.24 and prior, 8.0.31 and prior |
| MySQL Connectors | 8.0.31 and prior |
| MySQL Enterprise Monitor | 8.0.32 and prior |
| MySQL Server | 5.7.40 and prior |
| MySQL Server | 5.7.40 and prior, 8.0.31 and prior |
| MySQL Server | 8.0.28 and prior |
| MySQL Server | 8.0.29 and prior |
| MySQL Server | 8.0.30 and prior |
| MySQL Server | 8.0.31 and prior |
| MySQL Shell | 8.0.31 and prior |
| MySQL Workbench | 8.0.31 and prior |
| Oracle Access Manager | 12.2.1.4.0 |
| Oracle Agile PLM | 9.3.6 |
| Oracle Applications DBA | 12.2.3-12.2.12 |
| Oracle AutoVue | Prior to 21.0.2.0 |
| Oracle AutoVue | Prior to 21.0.2.6 |
| Oracle Banking Enterprise Default Management | 2.6.2 |
| Oracle Banking Enterprise Default Management | 2.7.0 |
| Oracle Banking Enterprise Default Management | 2.7.1, 2.12.0 |
| Oracle Banking Loans Servicing | 2.8.0, 2.12.0 |
| Oracle Banking Party Management | 2.7.0 |
| Oracle Banking Platform | 2.6.2, 2.7.1, 2.9.0, 2.12.0 |
| Oracle BI Publisher | 5.9.0.0.0, 6.4.0.0.0, 12.2.1.4.0 |
| Oracle Business Intelligence Enterprise Edition | 5.9.0.0.0, 6.4.0.0.0 |
| Oracle Coherence | 12.2.1.3.0, 12.2.1.4.0 |
| Oracle Coherence | 14.1.1.0.0 |
| Oracle Collaborative Planning | 12.2.3-12.2.12 |
| Oracle Commerce Guided Search | 11.3.2 |
| Oracle Communications Billing and Revenue Management | 12.0.0.4.0-12.0.0.7.0 |
| Oracle Communications BRM – Elastic Charging Engine | 12.0.0.3.0-12.0.0.7.0 |
| Oracle Communications Calendar Server | 8.0.0.6.0 |
| Oracle Communications Cloud Native Core Automated Test Suite | 22.2.2, 22.3.1, 22.4.0 |
| Oracle Communications Cloud Native Core Binding Support Function | 22.1.0, 22.2.0 |
| Oracle Communications Cloud Native Core Binding Support Function | 22.1.1 |
| Oracle Communications Cloud Native Core Binding Support Function | 22.2.0 |
| Oracle Communications Cloud Native Core Binding Support Function | 22.2.0, 22.2.2, 22.3.1 |
| Oracle Communications Cloud Native Core Binding Support Function | 22.2.1 |
| Oracle Communications Cloud Native Core Binding Support Function | 22.2.2 |
| Oracle Communications Cloud Native Core Binding Support Function | 22.2.4 |
| Oracle Communications Cloud Native Core Binding Support Function | 22.3.0 |
| Oracle Communications Cloud Native Core Binding Support Function | 22.3.0-22.4.0 |
| Oracle Communications Cloud Native Core Binding Support Function | 22.3.2, 22.2.0 |
| Oracle Communications Cloud Native Core Console | 22.3.0 |
| Oracle Communications Cloud Native Core Console | 22.3.0, 22.4.0 |
| Oracle Communications Cloud Native Core Network Data Analytics Function | 22.0.0.0.0 |
| Oracle Communications Cloud Native Core Network Exposure Function | 22.3.1 |
| Oracle Communications Cloud Native Core Network Exposure Function | 22.3.1, 22.4.0 |
| Oracle Communications Cloud Native Core Network Function Cloud Native Environment | 22.3.0 |
| Oracle Communications Cloud Native Core Network Repository Function | 22.3.0 |
| Oracle Communications Cloud Native Core Network Repository Function | 22.3.2 |
| Oracle Communications Cloud Native Core Network Slice Selection Function | 22.3.1 |
| Oracle Communications Cloud Native Core Network Slice Selection Function | 22.3.1, 22.4.1 |
| Oracle Communications Cloud Native Core Policy | 1.11.0 |
| Oracle Communications Cloud Native Core Policy | 22.3.0 |
| Oracle Communications Cloud Native Core Policy | 22.3.0, 22.4.0 |
| Oracle Communications Cloud Native Core Security Edge Protection Proxy | 22.3.1 |
| Oracle Communications Cloud Native Core Security Edge Protection Proxy | 22.4.0, 22.3.1 |
| Oracle Communications Cloud Native Core Unified Data Repository | 22.2.2, 22.3.3 |
| Oracle Communications Cloud Native Core Unified Data Repository | 22.3.3 |
| Oracle Communications Cloud Native Core Unified Data Repository | 22.3.3, 22.4.0 |
| Oracle Communications Cloud Native Core Unified Data Repository | 22.3.4, 22.2.3 |
| Oracle Communications Contacts Server | 8.0.0.7.0 |
| Oracle Communications Converged Application Server | 7.1.0, 8.0.0 |
| Oracle Communications Convergence | 3.0.3.1.0 |
| Oracle Communications Design Studio | 7.4.2 |
| Oracle Communications Diameter Intelligence Hub | 8.2.3.0 |
| Oracle Communications Diameter Signaling Router | 8.6.0.0 |
| Oracle Communications Elastic Charging Engine | 12.0.0.3.0-12.0.0.7.0 |
| Oracle Communications Elastic Charging Engine | 12.0.0.5.0-12.0.0.7.0 |
| Oracle Communications Instant Messaging Server | 10.0.1.6.0 |
| Oracle Communications Messaging Server | 8.1.0.20.0 |
| Oracle Communications MetaSolv Solution | 6.3.1 |
| Oracle Communications Order and Service Management | 7.4.0 |
| Oracle Communications Performance Intelligence Center (PIC) Software | 10.4.0.4.1 |
| Oracle Communications Pricing Design Center | 12.0.0.5.0-12.0.0.7.0 |
| Oracle Communications Unified Assurance | 5.5.0-5.5.9 |
| Oracle Communications Unified Assurance | 5.5.0-5.5.9, 6.0.0-6.0.1 |
| Oracle Communications Unified Inventory Management | 7.4.0, 7.4.1, 7.4.2 |
| Oracle Communications Unified Inventory Management | 7.4.0, 7.4.1, 7.4.2, 7.5.0 |
| Oracle Communications Unified Inventory Management | 7.4.0-7.4.2, 7.5.0 |
| Oracle Communications Unified Inventory Management | 7.5.0 |
| Oracle Data Provider for .NET | 19c, 21c |
| Oracle Database – Machine Learning for Python (Python) | 21c |
| Oracle Database – Workload Manager (jackson-databind) | 21c |
| Oracle Database (Python) | 21c |
| Oracle Database (zlib) | 19c, 21c |
| Oracle Database Data Redaction | 19c, 21c |
| Oracle Database Fleet Patching (jackson-databind) | 21c |
| Oracle Database RDBMS Security | 19c, 21c |
| Oracle Demantra Demand Management | 12.1, 12.2 |
| Oracle Demantra Demand Management | 12.2.7, 12.2.8, 12.2.9, 12.2.10, 12.2.11, 12.2.12 |
| Oracle Documaker | 12.4.0-12.7.0 |
| Oracle Essbase | 21.4 |
| Oracle Financial Services Crime and Compliance Management Studio | 8.0.8.3.1 |
| Oracle Fusion Middleware MapViewer | 12.2.1.4.0 |
| Oracle Global Lifecycle Management NextGen OUI Framework | Prior to 13.9.4.2.11 |
| Oracle GraalVM Enterprise Edition | Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4, 22.3.0 |
| Oracle HCM Common Architecture | 12.2.3-12.2.12 |
| Oracle Health Sciences Empirica Signal | 9.1.0.52, 9.2.0.52 |
| Oracle Healthcare Data Repository | 8.1.0.0-8.1.3.1 |
| Oracle Healthcare Translational Research | 4.1.0.0-4.1.1.1 |
| Oracle Hospitality Cruise Shipboard Property Management System | 20.2.2 |
| Oracle Hospitality Gift and Loyalty | 9.1.0 |
| Oracle Hospitality Labor Management | 9.1.0 |
| Oracle Hospitality Reporting and Analytics | 9.1.0 |
| Oracle Hospitality Simphony | 18.2.11, 19.3.4 |
| Oracle HTTP Server | 12.2.1.4.0 |
| Oracle Hyperion Infrastructure Technology | 11.2.10 |
| Oracle iSetup | 12.2.3-12.2.12 |
| Oracle iSupplier Portal | 12.2.6-12.2.8 |
| Oracle Java SE, Oracle GraalVM Enterprise Edition | Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4, 22.3.0 |
| Oracle Java SE, Oracle GraalVM Enterprise Edition | Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4, 22.3.0 |
| Oracle Java SE, Oracle GraalVM Enterprise Edition | Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 |
| Oracle Learning Management | 12.2.3-12.2.12 |
| Oracle Marketing | 12.2.3-12.2.12 |
| Oracle Middleware Common Libraries and Tools | 12.2.1.4.0 |
| Oracle Mobile Field Service | 12.2.3-12.2.12 |
| Oracle Outside In Technology | 8.5.6 |
| Oracle Retail Service Backbone | 14.1.3.2, 15.0.3.1, 16.0.3 |
| Oracle Sales for Handhelds | 12.2.3-12.2.12 |
| Oracle Sales Offline | 12.2.3-12.2.12 |
| Oracle Self-Service Human Resources | 12.2.3-12.2.12 |
| Oracle Solaris | 10, 11 |
| Oracle Stream Analytics | Prior to 19.1.0.0.8 |
| Oracle TimesTen In-Memory Database | Prior to 11.2.2.8.65 |
| Oracle Utilities Framework | 4.3.0.5.0, 4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0 |
| Oracle Utilities Framework | 4.4.0.3.0, 4.5.0.0.0 |
| Oracle Utilities Network Management System | 2.3.0.2, 2.4.0.1, 2.5.0.0, 2.5.0.1, 2.5.0.2 |
| Oracle Utilities Network Management System | 2.3.0.2, 2.4.0.1, 2.5.0.0-2.5.0.2 |
| Oracle Utilities Network Management System | 2.5.0.1, 2.5.0.2 |
| Oracle VM VirtualBox | Prior to 6.1.42, prior to 7.0.6 |
| Oracle Web Applications Desktop Integrator | 12.2.3-12.2.12 |
| Oracle Web Services Manager | 12.2.1.4.0 |
| Oracle WebCenter Content | 12.2.1.4.0 |
| Oracle WebCenter Sites | 12.2.1.4.0 |
| Oracle WebLogic Server | 12.2.1.3.0, 12.2.1.4.0 |
| Oracle WebLogic Server | 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 |
| Oracle WebLogic Server | 14.1.1.0.0 |
| OSS Support Tools | 2.12.43 |
| OSS Support Tools | 22.2.22.4.5 |
| OSS Support Tools | 22.4.22.10.18 |
| PeopleSoft Enterprise CC Common Application Objects | 9.2 |
| PeopleSoft Enterprise CS Academic Advisement | 9.2 |
| PeopleSoft Enterprise PeopleTools | 8.58 |
| PeopleSoft Enterprise PeopleTools | 8.58, 8.59, 8.60 |
| PeopleSoft Enterprise PeopleTools | 8.59, 8.60 |
| PeopleSoft Enterprise PeopleTools | 8.60 |
| Primavera Gateway | 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10, 21.12.0-21.12.8 |
| Primavera Unifier | 18.8, 19.12, 20.12, 21.12, 22.12 |
| Siebel Apps – Marketing | 22.10 and prior |
| Siebel CRM | 22.10 and prior |

Links

https://www.oracle.com/security-alerts/cpujan2023.html

https://www.oracle.com/security-alerts/cpujan2023verbose.html

Report

The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA23-00774-01.
