Oracle January 2019 Critical Patch Update Multiple Vulnerabilities
BID:106521
Info
Oracle January 2019 Critical Patch Update Multiple Vulnerabilities
| Bugtraq ID: | 106521 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jan 10 2019 12:00AM |
| Updated: | Jan 10 2019 12:00AM |
| Credit: | Oracle |
| Vulnerable: |
Oracle Weblogic Server 10.3.6 0 Oracle Weblogic Server 12.2.1.3 Oracle Weblogic Server 12.1.3.0 Oracle WebCenter Sites 11.1.1 8.0 Oracle WebCenter Portal 12.2.1.3.0 Oracle WebCenter Portal 11.1.1.9.0 Oracle Web Cache 11g 11.1.1.9.0 Oracle VM VirtualBox 5.2.20 Oracle VM VirtualBox 5.2.18 Oracle VM VirtualBox 5.2.16 Oracle VM VirtualBox 5.2.10 Oracle VM VirtualBox 5.2.6 Oracle VM VirtualBox 5.2.4 Oracle VM VirtualBox 5.2.2 Oracle VM VirtualBox 5.2 Oracle Utilities Network Management System 2.3.0.2 Oracle Utilities Network Management System 2.3.0.1 Oracle Utilities Network Management System 2.3.0.0 Oracle Utilities Network Management System 1.12.0.3 Oracle Utilities Framework 4.3.0.4 Oracle Utilities Framework 4.3.0.1 Oracle Transportation Management 6.4.2 Oracle Transportation Management 6.4.1 Oracle Transportation Management 6.4.3 Oracle Transportation Management 6.3.7 Oracle Tape Library ACSLS 8.4 Oracle Sun ZFS Storage Appliance Kit (AK) 8.7.20 Oracle Sun ZFS Storage Appliance Kit (AK) 8.7.19 Oracle Sun ZFS Storage Appliance Kit (AK) 8.7.18 Oracle Sun ZFS Storage Appliance Kit (AK) 8.7.17 Oracle Sun ZFS Storage Appliance Kit (AK) 8.7.13 Oracle Solaris 11 Oracle Solaris 10 Oracle SOA Suite 12.2.1.3.0 Oracle SOA Suite 12.1.3.0.0 Oracle Siebel Applications 18.12 Oracle Siebel Applications 18.11 Oracle Siebel Applications 18.0 Oracle Service Architecture Leveraging Tuxedo 12.2.2.0.0 Oracle Service Architecture Leveraging Tuxedo 12.1.3.0.0 Oracle Secure Global Desktop (SGD) 5.4 Oracle Retail Xstore Payment 3.3 Oracle Retail Workforce Management Software 1.64 Oracle Retail Workforce Management Software 1.60.9 Oracle Retail Service Backbone 16.0 Oracle Retail Service Backbone 15.0 Oracle Retail Service Backbone 14.1 Oracle Retail Service Backbone 14.0 Oracle Retail Service Backbone 13.2 Oracle Retail Service Backbone 13.1 Oracle Retail Sales Audit 15.0 Oracle Retail Returns Management 14.1 Oracle Retail Returns Management 14.0 Oracle Retail Returns Management 13.4 Oracle Retail Returns Management 13.3 Oracle Retail Merchandising System 14.1 Oracle Retail Integration Bus 17.0 Oracle Retail Customer Insights 16.0 Oracle Retail Customer Insights 15.0 Oracle Retail Convenience and Fuel POS Software 2.8.1 Oracle Retail Central Office 14.1 Oracle Retail Central Office 14.0 Oracle Retail Central Office 13.4 Oracle Retail Central Office 13.3 Oracle Retail Back Office 14.1 Oracle Retail Back Office 14.0 Oracle Retail Back Office 13.4 Oracle Retail Back Office 13.3 Oracle Reports Developer 12.2.1.3 Oracle Primavera Unifier 18.8 Oracle Primavera Unifier 17.12 Oracle Primavera Unifier 17.1 Oracle Primavera Unifier 16.2 Oracle Primavera Unifier 16.1 Oracle Primavera P6 Enterprise Project Portfolio Management 8.4 Oracle Primavera P6 Enterprise Project Portfolio Management 18.8 Oracle Primavera P6 Enterprise Project Portfolio Management 17.7 Oracle Primavera P6 Enterprise Project Portfolio Management 17.12 Oracle Primavera P6 Enterprise Project Portfolio Management 16.2 Oracle Primavera P6 Enterprise Project Portfolio Management 15.2 Oracle Primavera P6 Enterprise Project Portfolio Management 15.1 Oracle PeopleSoft Enterprise SCM eProcurement 9.2 Oracle PeopleSoft Enterprise PeopleTools 8.57 Oracle PeopleSoft Enterprise PeopleTools 8.56 Oracle PeopleSoft Enterprise PeopleTools 8.55 Oracle PeopleSoft Enterprise HCM eProfile Manager Desktop 9.2 Oracle PeopleSoft Enterprise CS Campus Community 9.2 Oracle PeopleSoft Enterprise CS Campus Community 9.0 Oracle PeopleSoft Enterprise CC Common Application Objects 9.2 Oracle Outside In Technology 8.5.4 Oracle Outside In Technology 8.5.3 Oracle OSS Support Tools 19.0 Oracle MySQL Workbench 8.0.13 Oracle MySQL Workbench 8.0.11 Oracle MySQL Server 8.0.13 Oracle MySQL Server 8.0.12 Oracle MySQL Server 8.0.11 Oracle MySQL Server 5.7.24 Oracle MySQL Server 5.7.23 Oracle MySQL Server 5.7.22 Oracle MySQL Server 5.7.21 Oracle MySQL Server 5.7.20 Oracle MySQL Server 5.7.19 Oracle MySQL Server 5.7.18 Oracle MySQL Server 5.7.17 Oracle MySQL Server 5.7.16 Oracle MySQL Server 5.7.15 Oracle MySQL Server 5.7.12 Oracle MySQL Server 5.7 Oracle MySQL Server 5.6.42 Oracle MySQL Server 5.6.41 Oracle MySQL Server 5.6.40 Oracle MySQL Server 5.6.39 Oracle MySQL Server 5.6.38 Oracle MySQL Server 5.6.37 Oracle MySQL Server 5.6.36 Oracle MySQL Server 5.6.35 Oracle MySQL Server 5.6.34 Oracle MySQL Server 5.6.33 Oracle MySQL Server 5.6.30 Oracle MySQL Server 5.6.29 Oracle MySQL Server 5.6.28 Oracle MySQL Server 5.6.27 Oracle MySQL Server 5.6.26 Oracle MySQL Server 5.6.23 Oracle MySQL Server 5.6.22 Oracle MySQL Server 5.6.21 Oracle MySQL Server 5.6.25 Oracle MySQL Server 5.6.24 Oracle MySQL Server 5.6.20 Oracle MySQL Server 5.6.16 Oracle MySQL Enterprise Monitor 8.0.13 Oracle MySQL Enterprise Monitor 4.0.7 Oracle MySQL Enterprise Monitor 8.0.2.8191 Oracle MySQL Enterprise Monitor 8.0.0.8131 Oracle MySQL Enterprise Monitor 4.0.6.5281 Oracle MySQL Enterprise Monitor 4.0.4.5235 Oracle MySQL Enterprise Monitor 4.0.2.5168 Oracle MySQL Enterprise Monitor 4.0.0.5135 Oracle MySQL Connectors 8.0.13 Oracle MySQL Connectors 8.0.12 Oracle MySQL Connectors 8.0.11 Oracle MySQL Connectors 2.1.8 Oracle MySQL Connectors 2.1.5 Oracle Managed File Transfer 19.1.0.0.0 Oracle Managed File Transfer 12.1.3.0.0 Oracle JRE(Windows Production Release) 11.0.1 Oracle JRE(Windows Production Release) 1.8 Update 192 Oracle JRE(Windows Production Release) 1.7 Update 201 Oracle JRE(Solaris Production Release) 11.0.1 Oracle JRE(Solaris Production Release) 1.8 Update 192 Oracle JRE(Solaris Production Release) 1.7 Update 201 Oracle JRE(macOS Production Release) 11.0.1 Oracle JRE(macOS Production Release) 1.8 Update 192 Oracle JRE(macOS Production Release) 1.7 Update 201 Oracle JRE(Linux Production Release) 11.0.1 Oracle JRE(Linux Production Release) 1.8 Update 192 Oracle JRE(Linux Production Release) 1.7 Update 201 Oracle JDK(Windows Production Release) 11.0.1 Oracle JDK(Windows Production Release) 1.8 Update 192 Oracle JDK(Windows Production Release) 1.7 Update 201 Oracle JDK(Solaris Production Release) 11.0.1 Oracle JDK(Solaris Production Release) 1.8 Update 192 Oracle JDK(Solaris Production Release) 1.7 Update 201 Oracle JDK(macOS Production Release) 11.0.1 Oracle JDK(macOS Production Release) 1.8 Update 192 Oracle JDK(macOS Production Release) 1.7 Update 201 Oracle JDK(Linux Production Release) 11.0.1 Oracle JDK(Linux Production Release) 1.8 Update 192 Oracle JDK(Linux Production Release) 1.7 Update 201 Oracle JD Edwards World Security A9.4 Oracle JD Edwards World Security A9.3.1 Oracle JD Edwards World Security A9.3 Oracle JD Edwards EnterpriseOne Tools 9.2 Oracle Java Advanced Management Console 2.12 Oracle Insurance Policy Administration J2EE 10.2 Oracle Insurance Policy Administration J2EE 10.0 Oracle Insurance Insbridge Rating and Underwriting 5.5 Oracle Insurance Insbridge Rating and Underwriting 5.4 Oracle Insurance Insbridge Rating and Underwriting 5.2 Oracle Insurance Calculation Engine 10.2 Oracle Hyperion BI+ 11.1.2.4 Oracle HTTP Server 12.2.1.3 Oracle Hospitality Simphony 2.10 Oracle Hospitality Reporting and Analytics 9.1 Oracle Hospitality Cruise Shipboard Property Management System 8.0.8 Oracle Hospitality Cruise Fleet Management 9.0.10 Oracle Healthcare Master Person Index 4.0 Oracle Healthcare Master Person Index 3.0 Oracle Healthcare Foundation 7.2 Oracle Healthcare Foundation 7.1 Oracle Health Sciences Information Manager 3.0 Oracle GoldenGate Application Adapters 12.3.2.1.1 Oracle Fusion Middleware MapViewer 12.2.1.3.0 Oracle FLEXCUBE Investor Servicing 14.0 Oracle FLEXCUBE Investor Servicing 12.4 Oracle FLEXCUBE Investor Servicing 12.3 Oracle FLEXCUBE Investor Servicing 12.1 Oracle FLEXCUBE Investor Servicing 12.0.4 Oracle FLEXCUBE Direct Banking 12.0.2 Oracle Financial Services Analytical Applications Infrastructure 8.0.7 Oracle Financial Services Analytical Applications Infrastructure 8.0.6 Oracle Financial Services Analytical Applications Infrastructure 8.0.5 Oracle Financial Services Analytical Applications Infrastructure 8.0.4 Oracle Financial Services Analytical Applications Infrastructure 8.0.3 Oracle Financial Services Analytical Applications Infrastructure 8.0.2 Oracle Financial Services Analytical Applications Infrastructure 8.0.1 Oracle Financial Services Analytical Applications Infrastructure 7.3.5 Oracle Financial Services Analytical Applications Infrastructure 7.3.3 Oracle Enterprise Repository 12.1.3.0.0 Oracle Enterprise Manager Ops Center 12.3.3 Oracle Enterprise Manager Ops Center 12.2.2 Oracle Enterprise Manager for Virtualization 13.3.1 Oracle Enterprise Manager for Virtualization 13.2.3 Oracle Enterprise Manager for Virtualization 13.2.2 Oracle Enterprise Manager Base Platform 13.3 Oracle Enterprise Manager Base Platform 13.2.0.0 Oracle Enterprise Manager Base Platform 12.1.0.5 Oracle Endeca Server 7.7.0 Oracle E-Business Suite 12.2.8 Oracle E-Business Suite 12.2.7 Oracle E-Business Suite 12.2.6 Oracle E-Business Suite 12.2.3 Oracle E-Business Suite 12.1.2 Oracle E-Business Suite 12.1.1 Oracle E-Business Suite 12.2.5 Oracle E-Business Suite 12.2.4 Oracle E-Business Suite 12.1.3 Oracle Database Server 18c Oracle Database 12c Release 2 12.2.0.1 Oracle Database 12c Release 1 12.1 2 Oracle Database 11g Release 2 11.2.0.4 Oracle Communications WebRTC Session Controller 7.1 Oracle Communications WebRTC Session Controller 7.0 Oracle Communications Unified Inventory Management 7.3 Oracle Communications Unified Inventory Management 7.1 Oracle Communications Unified Inventory Management 7.0 Oracle Communications Services Gatekeeper 6.0 Oracle Communications Services Gatekeeper 5.1 Oracle Communications Service Broker 6.0 Oracle Communications Policy Management 12.1.1 Oracle Communications Policy Management 12.1 Oracle Communications Policy Management 12.2 Oracle Communications Policy Management 12.0 Oracle Communications Performance Intelligence Center (PIC) Software 10.2 Oracle Communications Performance Intelligence Center (PIC) Software 10.1.5.1 Oracle Communications Online Mediation Controller 6.1 Oracle Communications Diameter Signaling Router 7.0 Oracle Communications Converged Application Server - Service Controller 6.1 Oracle Communications Converged Application Server 7.0 Oracle Communications Billing and Revenue Management 7.5 Oracle Communications Billing and Revenue Management 12.0 Oracle Business Process Management Suite 12.2.1.3.0 Oracle Business Process Management Suite 12.1.3.0.0 Oracle Business Process Management Suite 11.1.1.9.0 Oracle Banking Platform 2.6.2 Oracle Banking Platform 2.6.1 Oracle Banking Platform 2.6 Oracle Banking Platform 2.5.0 Oracle Argus Safety 8.2 Oracle Argus Safety 8.1 Oracle Application Testing Suite 13.3.0.1 Oracle Application Testing Suite 13.2.0.1 Oracle Application Testing Suite 13.1.0.1 Oracle API Gateway 11.1.2.4.0 Oracle Agile Product Lifecycle Management for Process 6.2.3.1 Oracle Agile Product Lifecycle Management for Process 6.2.3.0 Oracle Agile Product Lifecycle Management for Process 6.2.2.0 Oracle Agile Product Lifecycle Management for Process 6.2.1.0 Oracle Agile Product Lifecycle Management for Process 6.2.0.0 Oracle Agile PLM 9.3.5 Oracle Agile PLM 9.3.3 Oracle Agile PLM 9.3.6 Oracle Agile PLM 9.3.4 Oracle Agile Engineering Data Management 6.2.1 Oracle Agile Engineering Data Management 6.2 Oracle Agile Engineering Data Management 6.1.3 |
| Not Vulnerable: |
Oracle VM VirtualBox 6.0.2 Oracle VM VirtualBox 5.2.24 Oracle Sun ZFS Storage Appliance Kit (AK) 8.8.1 Oracle OSS Support Tools 19.1 Oracle Enterprise Session Border Controller ECz800p5 Oracle Enterprise Session Border Controller ECz750p12 Oracle Enterprise Communications Broker PCz300p2 Oracle Enterprise Communications Broker PCz220p1 Oracle Communications WebRTC Session Controller 7.2 Oracle Communications Unified Session Manager SCz810m1p9 Oracle Communications Unified Session Manager SCz741m1p5 Oracle Communications Unified Session Manager SCz740m2p3 Oracle Communications Unified Inventory Management 7.4 Oracle Communications Session Border Controller SCz810m1p9 Oracle Communications Session Border Controller SCz800p7 Oracle Communications Session Border Controller SCz741m1p5 Oracle Communications Session Border Controller SCz740m2p3 Oracle Communications Session Border Controller SCz7310p4 Oracle Communications Services Gatekeeper 6.1.0.4.0 Oracle Communications Policy Management 12.5 Oracle Communications Performance Intelligence Center (PIC) Software 10.2.1 Oracle Communications Diameter Signaling Router 8.3 Oracle Communications Converged Application Server 7.0.0.1 |
Discussion
Oracle January 2019 Critical Patch Update Multiple Vulnerabilities
Oracle has released advance notification regarding the January 2019 Critical Patch Update (CPU) to be released on January 15, 2019. The update addresses 276 vulnerabilities affecting the following software:
Enterprise Manager Base Platform, versions 12.1.0.5, 13.2, 13.3
Enterprise Manager for Virtualization, versions 13.2.2, 13.2.3, 13.3.1
Enterprise Manager Ops Center, versions 12.2.2, 12.3.3
Hyperion BI+, version 11.1.2.4
Java Advanced Management Console, version 2.12
JD Edwards EnterpriseOne Tools, version 9.2
JD Edwards World Security, versions A9.3, A9.3.1, A9.4
MySQL Connectors, versions 2.1.8 and prior, 8.0.13 and prior
MySQL Enterprise Monitor, versions 4.0.7 and prior, 8.0.13 and prior
MySQL Server, versions 5.6.42 and prior, 5.7.24 and prior, 8.0.13 and prior
MySQL Workbench, versions 8.0.13 and prior
Oracle Agile Engineering Data Management, versions 6.1.3, 6.2.0, 6.2.1
Oracle Agile PLM, versions 9.3.3, 9.3.4, 9.3.5, 9.3.6
Oracle Agile Product Lifecycle Management for Process, versions 6.2.0.0, 6.2.1.0, 6.2.2.0, 6.2.3.0, 6.2.3.1
Oracle API Gateway, version 11.1.2.4.0
Oracle Application Testing Suite, versions 13.1.0.1, 13.2.0.1, 13.3.0.1
Oracle Argus Safety, versions 8.1, 8.2
Oracle Banking Platform, versions 2.5.0, 2.6.0, 2.6.1, 2.6.2
Oracle Business Process Management Suite, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0
Oracle Communications Billing and Revenue Management, versions 7.5, 12.0
Oracle Communications Converged Application Server, versions prior to 7.0.0.1
Oracle Communications Converged Application Server - Service Controller, version 6.1
Oracle Communications Diameter Signaling Router (DSR), versions prior to 8.3
Oracle Communications Online Mediation Controller, version 6.1
Oracle Communications Performance Intelligence Center (PIC) Software, versions prior to 10.2.1
Oracle Communications Policy Management, versions prior to 12.5
Oracle Communications Service Broker, version 6.0
Oracle Communications Services Gatekeeper, versions prior to 6.1.0.4.0
Oracle Communications Session Border Controller, versions prior to SCz7310p4, prior to SCz740m2p3, prior to SCz741m1p5, prior to SCz800p7, prior to SCz810m1p9
Oracle Communications Unified Inventory Management, versions prior to 7.4.0
Oracle Communications Unified Session Manager, versions prior to SCz740m2p3, prior to SCz741m1p5, prior to SCz810m1p9
Oracle Communications WebRTC Session Controller, versions prior to 7.2
Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c
Oracle E-Business Suite, versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8
Oracle Endeca Server, version 7.7.0
Oracle Enterprise Communications Broker, versions prior to PCz220p1, prior to PCz300p2
Oracle Enterprise Repository, versions 12.1.3.0.0
Oracle Enterprise Session Border Controller, versions prior to ECz750p12, prior to ECz800p5
Oracle Financial Services Analytical Applications Infrastructure, versions 7.3.3, 7.3.5, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7
Oracle FLEXCUBE Direct Banking, version 12.0.2
Oracle FLEXCUBE Investor Servicing, versions 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0
Oracle Fusion Middleware MapViewer, version 12.2.1.3.0
Oracle GoldenGate Application Adapters, version 12.3.2.1.1
Oracle Health Sciences Information Manager, version 3.0
Oracle Healthcare Foundation, versions 7.1, 7.2
Oracle Healthcare Master Person Index, versions 3.0, 4.0
Oracle Hospitality Cruise Fleet Management, version 9.0.10
Oracle Hospitality Cruise Shipboard Property Management System, version 8.0.8
Oracle Hospitality Reporting and Analytics, version 9.1.0
Oracle Hospitality Simphony, version 2.10
Oracle HTTP Server, version 12.2.1.3
Oracle Insurance Calculation Engine, version 10.2
Oracle Insurance Insbridge Rating and Underwriting, versions 5.2, 5.4, 5.5
Oracle Insurance Policy Administration J2EE, versions 10.0, 10.2
Oracle Insurance Rules Palette, versions 10.0, 10.2
Oracle Java SE, versions 7u201, 8u192, 11.0.1
Oracle Java SE Embedded, version 8u191
Oracle Managed File Transfer, versions 12.2.1.3.0, 19.1.0.0.0
Oracle Outside In Technology, versions 8.5.3, 8.5.4
Oracle Reports Developer, version 12.2.1.3
Oracle Retail Back Office, versions 13.3, 13.4, 14.0, 14.1
Oracle Retail Central Office, versions 13.3, 13.4, 14.0, 14.1
Oracle Retail Convenience and Fuel POS Software, version 2.8.1
Oracle Retail Customer Insights, versions 15.0, 16.0
Oracle Retail Integration Bus, version 17.0
Oracle Retail Merchandising System, version 14.1
Oracle Retail Returns Management, versions 13.3, 13.4, 14.0, 14.1
Oracle Retail Sales Audit, version 15.0
Oracle Retail Service Backbone, versions 13.1, 13.2, 14.0, 14.1, 15.0, 16.0
Oracle Retail Workforce Management Software, versions 1.60.9, 1.64.0
Oracle Retail Xstore Payment, version 3.3
Oracle Secure Global Desktop (SGD), version 5.4
Oracle Service Architecture Leveraging Tuxedo, versions 12.1.3.0.0, 12.2.2.0.0
Oracle SOA Suite, versions 12.1.3.0.0, 12.2.1.3.0
Oracle Transportation Management, versions 6.3.7, 6.4.1, 6.4.2, 6.4.3
Oracle Utilities Framework, version 4.3.0.1-4.3.0.4
Oracle Utilities Network Management System, versions 1.12.0.3, 2.3.0.0, 2.3.0.1, 2.3.0.2
Oracle VM VirtualBox, versions prior to 5.2.24, prior to 6.0.2
Oracle Web Cache, version 11.1.1.9.0
Oracle WebCenter Portal, versions 11.1.1.9.0, 12.2.1.3.0
Oracle WebCenter Sites, version 11.1.1.8.0
Oracle WebLogic Server, versions 10.3.6.0, 12.1.3.0, 12.2.1.3
OSS Support Tools, versions prior to 19.1
PeopleSoft Enterprise CC Common Application Objects, version 9.2
PeopleSoft Enterprise CS Campus Community, versions 9.0, 9.2
PeopleSoft Enterprise HCM eProfile Manager Desktop, version 9.2
PeopleSoft Enterprise PeopleTools, versions 8.55, 8.56, 8.57
PeopleSoft Enterprise SCM eProcurement, version 9.2
Primavera P6 Enterprise Project Portfolio Management, versions 8.4, 15.1, 15.2, 16.1, 16.2, 17.7-17.12, 18.8
Primavera Unifier, versions 16.1, 16.2, 17.1-17.12, 18.8
Siebel Applications, versions 18.10, 18.11, 18.12
Solaris, versions 10, 11
Sun ZFS Storage Appliance Kit (AK), versions prior to 8.8.1
Tape Library ACSLS, version 8.4
Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system.
Oracle has released advance notification regarding the January 2019 Critical Patch Update (CPU) to be released on January 15, 2019. The update addresses 276 vulnerabilities affecting the following software:
Enterprise Manager Base Platform, versions 12.1.0.5, 13.2, 13.3
Enterprise Manager for Virtualization, versions 13.2.2, 13.2.3, 13.3.1
Enterprise Manager Ops Center, versions 12.2.2, 12.3.3
Hyperion BI+, version 11.1.2.4
Java Advanced Management Console, version 2.12
JD Edwards EnterpriseOne Tools, version 9.2
JD Edwards World Security, versions A9.3, A9.3.1, A9.4
MySQL Connectors, versions 2.1.8 and prior, 8.0.13 and prior
MySQL Enterprise Monitor, versions 4.0.7 and prior, 8.0.13 and prior
MySQL Server, versions 5.6.42 and prior, 5.7.24 and prior, 8.0.13 and prior
MySQL Workbench, versions 8.0.13 and prior
Oracle Agile Engineering Data Management, versions 6.1.3, 6.2.0, 6.2.1
Oracle Agile PLM, versions 9.3.3, 9.3.4, 9.3.5, 9.3.6
Oracle Agile Product Lifecycle Management for Process, versions 6.2.0.0, 6.2.1.0, 6.2.2.0, 6.2.3.0, 6.2.3.1
Oracle API Gateway, version 11.1.2.4.0
Oracle Application Testing Suite, versions 13.1.0.1, 13.2.0.1, 13.3.0.1
Oracle Argus Safety, versions 8.1, 8.2
Oracle Banking Platform, versions 2.5.0, 2.6.0, 2.6.1, 2.6.2
Oracle Business Process Management Suite, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0
Oracle Communications Billing and Revenue Management, versions 7.5, 12.0
Oracle Communications Converged Application Server, versions prior to 7.0.0.1
Oracle Communications Converged Application Server - Service Controller, version 6.1
Oracle Communications Diameter Signaling Router (DSR), versions prior to 8.3
Oracle Communications Online Mediation Controller, version 6.1
Oracle Communications Performance Intelligence Center (PIC) Software, versions prior to 10.2.1
Oracle Communications Policy Management, versions prior to 12.5
Oracle Communications Service Broker, version 6.0
Oracle Communications Services Gatekeeper, versions prior to 6.1.0.4.0
Oracle Communications Session Border Controller, versions prior to SCz7310p4, prior to SCz740m2p3, prior to SCz741m1p5, prior to SCz800p7, prior to SCz810m1p9
Oracle Communications Unified Inventory Management, versions prior to 7.4.0
Oracle Communications Unified Session Manager, versions prior to SCz740m2p3, prior to SCz741m1p5, prior to SCz810m1p9
Oracle Communications WebRTC Session Controller, versions prior to 7.2
Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c
Oracle E-Business Suite, versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8
Oracle Endeca Server, version 7.7.0
Oracle Enterprise Communications Broker, versions prior to PCz220p1, prior to PCz300p2
Oracle Enterprise Repository, versions 12.1.3.0.0
Oracle Enterprise Session Border Controller, versions prior to ECz750p12, prior to ECz800p5
Oracle Financial Services Analytical Applications Infrastructure, versions 7.3.3, 7.3.5, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7
Oracle FLEXCUBE Direct Banking, version 12.0.2
Oracle FLEXCUBE Investor Servicing, versions 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0
Oracle Fusion Middleware MapViewer, version 12.2.1.3.0
Oracle GoldenGate Application Adapters, version 12.3.2.1.1
Oracle Health Sciences Information Manager, version 3.0
Oracle Healthcare Foundation, versions 7.1, 7.2
Oracle Healthcare Master Person Index, versions 3.0, 4.0
Oracle Hospitality Cruise Fleet Management, version 9.0.10
Oracle Hospitality Cruise Shipboard Property Management System, version 8.0.8
Oracle Hospitality Reporting and Analytics, version 9.1.0
Oracle Hospitality Simphony, version 2.10
Oracle HTTP Server, version 12.2.1.3
Oracle Insurance Calculation Engine, version 10.2
Oracle Insurance Insbridge Rating and Underwriting, versions 5.2, 5.4, 5.5
Oracle Insurance Policy Administration J2EE, versions 10.0, 10.2
Oracle Insurance Rules Palette, versions 10.0, 10.2
Oracle Java SE, versions 7u201, 8u192, 11.0.1
Oracle Java SE Embedded, version 8u191
Oracle Managed File Transfer, versions 12.2.1.3.0, 19.1.0.0.0
Oracle Outside In Technology, versions 8.5.3, 8.5.4
Oracle Reports Developer, version 12.2.1.3
Oracle Retail Back Office, versions 13.3, 13.4, 14.0, 14.1
Oracle Retail Central Office, versions 13.3, 13.4, 14.0, 14.1
Oracle Retail Convenience and Fuel POS Software, version 2.8.1
Oracle Retail Customer Insights, versions 15.0, 16.0
Oracle Retail Integration Bus, version 17.0
Oracle Retail Merchandising System, version 14.1
Oracle Retail Returns Management, versions 13.3, 13.4, 14.0, 14.1
Oracle Retail Sales Audit, version 15.0
Oracle Retail Service Backbone, versions 13.1, 13.2, 14.0, 14.1, 15.0, 16.0
Oracle Retail Workforce Management Software, versions 1.60.9, 1.64.0
Oracle Retail Xstore Payment, version 3.3
Oracle Secure Global Desktop (SGD), version 5.4
Oracle Service Architecture Leveraging Tuxedo, versions 12.1.3.0.0, 12.2.2.0.0
Oracle SOA Suite, versions 12.1.3.0.0, 12.2.1.3.0
Oracle Transportation Management, versions 6.3.7, 6.4.1, 6.4.2, 6.4.3
Oracle Utilities Framework, version 4.3.0.1-4.3.0.4
Oracle Utilities Network Management System, versions 1.12.0.3, 2.3.0.0, 2.3.0.1, 2.3.0.2
Oracle VM VirtualBox, versions prior to 5.2.24, prior to 6.0.2
Oracle Web Cache, version 11.1.1.9.0
Oracle WebCenter Portal, versions 11.1.1.9.0, 12.2.1.3.0
Oracle WebCenter Sites, version 11.1.1.8.0
Oracle WebLogic Server, versions 10.3.6.0, 12.1.3.0, 12.2.1.3
OSS Support Tools, versions prior to 19.1
PeopleSoft Enterprise CC Common Application Objects, version 9.2
PeopleSoft Enterprise CS Campus Community, versions 9.0, 9.2
PeopleSoft Enterprise HCM eProfile Manager Desktop, version 9.2
PeopleSoft Enterprise PeopleTools, versions 8.55, 8.56, 8.57
PeopleSoft Enterprise SCM eProcurement, version 9.2
Primavera P6 Enterprise Project Portfolio Management, versions 8.4, 15.1, 15.2, 16.1, 16.2, 17.7-17.12, 18.8
Primavera Unifier, versions 16.1, 16.2, 17.1-17.12, 18.8
Siebel Applications, versions 18.10, 18.11, 18.12
Solaris, versions 10, 11
Sun ZFS Storage Appliance Kit (AK), versions prior to 8.8.1
Tape Library ACSLS, version 8.4
Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system.
Solution / Fix
Oracle January 2019 Critical Patch Update Multiple Vulnerabilities
Solution:
The vendor planned to release updates to address these issues on January 15, 2019. Please see the references for more information.
Solution:
The vendor planned to release updates to address these issues on January 15, 2019. Please see the references for more information.
References
Oracle January 2019 Critical Patch Update Multiple Vulnerabilities
References:
References:
- Oracle Homepage (Oracle)
- Oracle Critical Patch Update Advisory - January 2019 (Oracle)