Oracle发布2023年4月重要补丁更新公告CPU

原创通讯员 2023-04-23

1766

2023年4月18日，Oracle发布了2023年4月份的安全更新（安全公告编号:CNTA-2023-0007），修复了其多款产品存在的433个安全漏洞。受影响的产品包括：Oracle Database Server数据库（5个）、Oracle Blockchain Platform（7个）、Oracle Essbase（4个）、Oracle GoldenGate（2个）、Oracle Graph Server and Client（1个）、Oracle NoSQL Database（1个）、Oracle REST Data Services（1个）、Oracle SQL Developer（2个）、Oracle Commerce（6个）、Oracle Communications Applications（18个）、Oracle Communications（77个）、Oracle Construction and Engineering（4个）、电子商务套装软件Oracle E-Business Suite（4个）、Oracle Enterprise Manager（4个）、Oracle Financial Services Applications（76个）、中间件产品Fusion Middleware（49个）、Oracle Analytics（20个）、Oracle Health Sciences Applications（10个）、Oracle HealthCare Applications（10个）、Oracle Hospitality Applications（1个）、Oracle Hyperion（2个）、Oracle iLearning（3个）、Oracle Insurance Applications（9个）、Oracle Java SE（8个）、Oracle JD Edwards（14个）、Oracle MySQL数据库（34个）、Oracle PeopleSoft（10个）、Oracle Retail Applications（22个）、Oracle Siebel CRM（6个）、Oracle Supply Chain（2个）、Oracle Systems（6个）、Oracle Utilities Applications（4个）和Oracle Virtualization（11个）。Oracle强烈建议客户尽快应用关键补丁更新修复程序，对漏洞进行修复。

参考信息：

https://www.oracle.com/security-alerts/cpuapr2023.html

重点漏洞概述

根据产品流行度和漏洞重要性筛选出此次更新中包含影响较大的漏洞，请相关用户重点进行关注：

Oracle WebLogic Server 信息泄露漏洞（CVE-2023-21931/ CVE-2023-21979）：

Oracle WebLogic Server存在信息泄露漏洞，未经身份验证的攻击者通过T3协议向受影响的服务器发送特制的请求，可能实现对关键数据的非法访问或对所有Oracle WebLogic Server所有数据的完全访问，造成敏感信息泄露。

Oracle WebLogic Server拒绝服务漏洞（CVE-2023-21996）：

Oracle WebLogic Server中存在拒绝服务漏洞，未经身份验证的攻击者通过HTTP协议向受影响的服务器发送恶意的请求，可能导致Oracle WebLogic Server挂起，或者程序崩溃，从而造成拒绝服务。

Oracle MySQL多个漏洞：

此次安全更新针对Oracle MySQL发布了34个安全补丁, 其中11个漏洞在未经用户身份验证的情况下远程进行利用，即无需用户凭据即可通过网络利用。高危漏洞编号如下：

CVE-2022-37434

CVE-2022-43548

Oracle Financial Services Applications多个漏洞：

此次安全更新针对Oracle Financial Services Applications发布了76个安全补丁。其中的59个漏洞在未经用户身份验证的情况下即可远程进行利用。高危漏洞编号如下：

CVE-2023-25194

CVE-2023-24998

Oracle Insurance Applications多个漏洞：

此次安全更新针对Oracle Insurance Applications发布了9个安全补丁。这9个漏洞在未经用户身份验证的情况下即可远程进行利用。攻击者可以通过HTTP访问网络发送恶意请求，从而控制产品中的组件实现对关键数据完全访问。高危漏洞编号如下：

CVE-2020-35168

CVE-2022-27404

CVE-2022-22965

CVE-2020-11987

Oracle Communications多个漏洞：

此次安全更新针对Oracle Communications发布了77个安全补丁，其中的65个漏洞在未经用户身份验证的情况下即可远程进行利用。高危漏洞编号如下：

CVE-2023-25613

CVE-2023-25690

Oracle Communications Applications多个漏洞：

此次安全更新针对Oracle Communications Applications发布了18个安全补丁。其中的13个漏洞在未经用户身份验证的情况下即可远程进行利用。高危漏洞如下：

CVE-2020-35168

CVE-2022-1471

CVE-2022-36760

CVE-2020-7009

Oracle E-Business Suite多个漏洞：

此次安全更新针对Oracle E-Business Suite发布了4个安全补丁。这4个漏洞在未经用户身份验证的情况下不可远程进行利用。高危漏洞编号如下：

CVE-2023-21978

Oracle Retail Applications多个漏洞：

此次安全更新针对Oracle Retail Applications发布了22个安全补丁。其中有16个漏洞在未经用户身份验证的情况下即可远程进行利用。高危漏洞编号如下：

CVE-2022-45047

Oracle官方4月关键补丁更新漏洞总结如下：

产品	漏洞个数	未授权远程利用的个数	最高CVSS评分
Oracle Database Products Risk Matrices	5	0	6.8
Oracle Database Server	5	0	6.8
Oracle Big Data Spatial and Graph	7	5	7.7
Oracle Blockchain Platform	7	5	7.7
Oracle Essbase	4	4	5.9
Oracle GoldenGate	2	1	9.8
Oracle Graph Server and Client	1	0	6.5
Oracle NoSQL Database	1	0	6.5
Oracle REST Data Services	1	0	6.5
Oracle SQL Developer	2	1	6.7
Oracle TimesTen In-Memory Database	6	6	9.8
Oracle Commerce	6	6	9.8
Oracle Communications Applications	18	13	9.8
Oracle Communications	77	65	9.9
Oracle Construction and Engineering	4	3	9.8
Oracle E-Business Suite	4	0	6.5
Oracle Enterprise Manager	4	3	7.5
Oracle Financial Services Applications	76	59	9.8
Oracle Fusion Middleware	49	44	9.8
Oracle Analytics	20	12	9.8
Oracle Health Sciences Applications	10	3	8.8
Oracle HealthCare Applications	10	8	9.8
Oracle Hospitality Applications	1	0	7.2
Oracle Hyperion	2	1	9.8
Oracle iLearning	3	2	8.3
Oracle Insurance Applications	9	9	9.8
Oracle Java SE	8	7	7.4
Oracle JD Edwards	14	8	9.8
Oracle MySQL	34	11	9.8
Oracle PeopleSoft	10	8	9.8
Oracle Retail Applications	22	16	9.8
Oracle Siebel CRM	6	3	7.5
Oracle Supply Chain	2	2	7.5
Oracle Systems	6	0	7.8
Oracle Utilities Applications	4	3	9.8
Oracle Virtualization	11	1	8.2

漏洞防护

补丁更新

请用户参考本文附录“受影响产品及补丁信息”及时下载受影响产品更新补丁，并参照补丁安装包中的readme文件进行安装更新，以保证长期有效的防护。

注：Oracle官方补丁需要用户持有正版软件的许可账号，使用该账号登陆https://support.oracle.com后，可以下载最新补丁。

附录受影响产品及补丁信息

受影响产品及版本号	可用补丁
JD Edwards EnterpriseOne Orchestrator, versions prior to 9.2.7.3	https://support.oracle.com/rs?type=doc&id=2939855.1
JD Edwards EnterpriseOne Tools, versions prior to 9.2.7.3	https://support.oracle.com/rs?type=doc&id=2939855.1
JD Edwards World Security, version A9.4	https://support.oracle.com/rs?type=doc&id=2939855.1
Management Cloud Engine, version 22.1.0.0.0	https://support.oracle.com/rs?type=doc&id=2942213.1
MySQL Cluster, versions 7.5.29 and prior, 7.6.25 and prior, 8.0.32 and prior	https://support.oracle.com/rs?type=doc&id=2937307.1
MySQL Connectors, versions 8.0.32 and prior	https://support.oracle.com/rs?type=doc&id=2937307.1
MySQL Enterprise Monitor, versions 8.0.33 and prior	https://support.oracle.com/rs?type=doc&id=2937307.1
MySQL Server, versions 5.7.41 and prior, 8.0.32 and prior	https://support.oracle.com/rs?type=doc&id=2937307.1
MySQL Workbench, versions 8.0.32 and prior	https://support.oracle.com/rs?type=doc&id=2937307.1
Oracle Access Manager, version 12.2.1.4.0	https://support.oracle.com/rs?type=doc&id=2936090.2
Oracle Agile PLM, version 9.3.6	https://support.oracle.com/rs?type=doc&id=2939856.1
Oracle Application Testing Suite, version 13.3.0.1	https://support.oracle.com/rs?type=doc&id=2923367.1
Oracle Argus Insight, versions prior to 8.2.3	https://support.oracle.com/rs?type=doc&id=2938697.1
Oracle Argus Safety, versions prior to 8.2.3	https://support.oracle.com/rs?type=doc&id=2938697.1
Oracle Banking APIs, versions 18.2, 18.3, 19.1, 19.2, 21.1, 22.1, 22.2	https://support.oracle.com
Oracle Banking Corporate Lending, versions 14.0-14.3, 14.5-14.7	https://support.oracle.com
Oracle Banking Corporate Lending Process Management, versions 14.4-14.7	https://support.oracle.com
Oracle Banking Digital Experience, versions 18.2, 18.3, 19.1, 19.2, 21.1, 22.1, 22.2	https://support.oracle.com
Oracle Banking Payments, versions 14.5, 14.6, 14.7	https://support.oracle.com
Oracle Banking Trade Finance, versions 14.5, 14.6, 14.7	https://support.oracle.com
Oracle Banking Treasury Management, versions 14.5, 14.6, 14.7	https://support.oracle.com
Oracle Banking Virtual Account Management, versions 14.5, 14.6, 14.7	https://support.oracle.com
Oracle BI Publisher, versions 6.4.0.0.0, 12.2.1.4.0	https://support.oracle.com/rs?type=doc&id=2936091.2
Oracle Big Data Spatial and Graph, versions prior to 23.1	https://support.oracle.com/rs?type=doc&id=2923348.1
Oracle Blockchain Platform, versions prior to 21.1.3	https://support.oracle.com/rs?type=doc&id=2923348.1
Oracle Business Intelligence Enterprise Edition, versions 5.9.0.0.0, 6.4.0.0.0, 12.2.1.4.0	https://support.oracle.com/rs?type=doc&id=2936091.2
Oracle Business Process Management Suite, version 12.2.1.4.0	https://support.oracle.com/rs?type=doc&id=2936090.2
Oracle Clinical Remote Data Capture, version 5.4.0.2	https://support.oracle.com/rs?type=doc&id=2938697.1
Oracle Coherence, versions 12.2.1.4.0, 14.1.1.0.0	https://support.oracle.com/rs?type=doc&id=2936090.2
Oracle Commerce Guided Search, version 11.3.2	https://support.oracle.com/rs?type=doc&id=2939844.1
Oracle Commerce Platform, versions 11.3.0, 11.3.1, 11.3.2	https://support.oracle.com/rs?type=doc&id=2939844.1
Oracle Communications Cloud Native Configuration Console, versions 22.4.1, 23.1.0	https://support.oracle.com/rs?type=doc&id=2938418.1
Oracle Communications Cloud Native Core Automated Test Suite, versions 22.3.1, 22.4.0	https://support.oracle.com/rs?type=doc&id=2938415.1
Oracle Communications Cloud Native Core Binding Support Function, versions 22.4.0-22.4.4, 23.1.0-23.1.1	https://support.oracle.com/rs?type=doc&id=2938417.1
Oracle Communications Cloud Native Core Console, versions 22.3.0, 22.4.0	https://support.oracle.com/rs?type=doc&id=2938418.1
Oracle Communications Cloud Native Core Network Exposure Function, versions 22.4.2, 23.1.0	https://support.oracle.com/rs?type=doc&id=2938420.1
Oracle Communications Cloud Native Core Network Function Cloud Native Environment, version 22.4.0	https://support.oracle.com/rs?type=doc&id=2938434.1
Oracle Communications Cloud Native Core Network Repository Function, version 23.1.0	https://support.oracle.com/rs?type=doc&id=2938435.1
Oracle Communications Cloud Native Core Policy, versions 22.4.0-22.4.4, 23.1.0-23.1.1	https://support.oracle.com/rs?type=doc&id=2938436.1
Oracle Communications Cloud Native Core Security Edge Protection Proxy, versions 22.4.0, 22.4.1, 22.4.2, 23.1.0	https://support.oracle.com/rs?type=doc&id=2938437.1
Oracle Communications Cloud Native Core Service Communication Proxy, versions 22.3.0, 22.4.0	https://support.oracle.com/rs?type=doc&id=2942394.1
Oracle Communications Cloud Native Core Unified Data Repository, versions 22.4.1, 23.1.0	https://support.oracle.com/rs?type=doc&id=2938438.1
Oracle Communications Convergent Charging Controller, versions 6.0.1.0.0, 12.0.1.0.0-12.0.6.0.0	https://support.oracle.com/rs?type=doc&id=2936023.1
Oracle Communications Core Session Manager, versions 8.45, 9.15	https://support.oracle.com/rs?type=doc&id=2938621.1
Oracle Communications Diameter Signaling Router, version 8.6.0.0	https://support.oracle.com/rs?type=doc&id=2938440.1
Oracle Communications Element Manager, versions 9.0.0, 9.0.1	https://support.oracle.com/rs?type=doc&id=2938441.1
Oracle Communications IP Service Activator, versions 7.4.0, 7.5.0	https://support.oracle.com/rs?type=doc&id=2936021.1
Oracle Communications Network Charging and Control, versions 6.0.1.0.0, 12.0.1.0.0-12.0.6.0.0	https://support.oracle.com/rs?type=doc&id=2936023.1
Oracle Communications Operations Monitor, version 5.0	https://support.oracle.com/rs?type=doc&id=2938442.1
Oracle Communications Order and Service Management, version 7.4.1	https://support.oracle.com/rs?type=doc&id=2936012.1
Oracle Communications Policy Management, version 12.6.0.0.0	https://support.oracle.com/rs?type=doc&id=2938443.1
Oracle Communications Services Gatekeeper, version 7.0.0.0.0	https://support.oracle.com/rs?type=doc&id=2938446.1
Oracle Communications Session Border Controller, versions 9.0, 9.1	https://support.oracle.com/rs?type=doc&id=2938613.1
Oracle Communications Session Report Manager, versions 9.0.0, 9.0.1	https://support.oracle.com/rs?type=doc&id=2938447.1
Oracle Communications Session Router, versions 9.0, 9.1	https://support.oracle.com/rs?type=doc&id=2938613.1
Oracle Communications Subscriber-Aware Load Balancer, versions 9.0, 9.1	https://support.oracle.com/rs?type=doc&id=2938613.1
Oracle Communications Unified Assurance, versions 5.5.0-5.5.10, 6.0.0-6.0.2	https://support.oracle.com/rs?type=doc&id=2936013.1
Oracle Communications Unified Inventory Management, versions 7.4.0, 7.4.1, 7.4.2, 7.5.0	https://support.oracle.com/rs?type=doc&id=2936066.1
Oracle Communications User Data Repository, version 12.6.1.0.0	https://support.oracle.com/rs?type=doc&id=2938448.1
Oracle Data Integrator, version 12.2.1.4.0	https://support.oracle.com/rs?type=doc&id=2936090.2
Oracle Database Server, versions 19c, 21c	https://support.oracle.com/rs?type=doc&id=2923348.1
Oracle Documaker, versions 12.6.0.0.0, 12.6.2.0.0-12.6.4.0.0, 12.7.0.0.0, 12.7.1.0.0	https://support.oracle.com/rs?type=doc&id=2939209.1
Oracle E-Business Suite, versions 12.2.3-12.2.12	https://support.oracle.com/rs?type=doc&id=2484000.1
Oracle Enterprise Communications Broker, versions 3.3, 4.0	https://support.oracle.com/rs?type=doc&id=2938617.1
Oracle Enterprise Manager Ops Center, version 12.4.0.0	https://support.oracle.com/rs?type=doc&id=2923367.1
Oracle Enterprise Session Router, version 9.1	https://support.oracle.com/rs?type=doc&id=2938613.1
Oracle Essbase, version 21.4	https://support.oracle.com/rs?type=doc&id=2923348.1
Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.7.0, 8.0.8.0, 8.0.9.0, 8.1.0.0, 8.1.1.0, 8.1.2.0, 8.1.2.1, 8.1.2.2	https://support.oracle.com/rs?type=doc&id=2939767.1
Oracle Financial Services Analytical Applications Reconciliation Framework, versions 8.0.7.1.2, 8.1.1.1.7	https://support.oracle.com/rs?type=doc&id=2939780.1
Oracle Financial Services Asset Liability Management, version 8.0.7.8.0	https://support.oracle.com/rs?type=doc&id=2940045.1
Oracle Financial Services Balance Computation Engine, version 8.1.1.1.1	https://support.oracle.com/rs?type=doc&id=2942325.1
Oracle Financial Services Balance Sheet Planning, version 8.0.8.1.4	https://support.oracle.com/rs?type=doc&id=2940043.1
Oracle Financial Services Behavior Detection Platform, versions 8.0.8.1, 8.1.1.1, 8.1.2.3, 8.1.2.4	https://support.oracle.com/rs?type=doc&id=2936356.1
Oracle Financial Services Compliance Studio, version 8.1.2.4	https://support.oracle.com/rs?type=doc&id=2936394.1
Oracle Financial Services Crime and Compliance Management Studio, version 8.0.8.3.5	https://support.oracle.com/rs?type=doc&id=2936386.1
Oracle Financial Services Currency Transaction Reporting, versions 8.0.8.1.0, 8.1.1.1.0, 8.1.2.3.0, 8.1.2.4.1	https://support.oracle.com/rs?type=doc&id=2936356.1
Oracle Financial Services Data Governance for US Regulatory Reporting, versions 8.1.2.0, 8.1.2.1	https://support.oracle.com/rs?type=doc&id=2940075.1
Oracle Financial Services Data Integration Hub, versions 8.0.7.3.1, 8.1.0.1.4, 8.1.2.2.1	https://support.oracle.com/rs?type=doc&id=2939782.1
Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management, versions 8.0.7.3.1, 8.0.8.3.1	https://support.oracle.com/rs?type=doc&id=2939725.1
Oracle Financial Services Enterprise Case Management, versions 8.0.8.2, 8.1.1.1, 8.1.2.3, 8.1.2.4	https://support.oracle.com/rs?type=doc&id=2936337.1
Oracle Financial Services Enterprise Financial Performance Analytics, version 8.0.7.8.1	https://support.oracle.com/rs?type=doc&id=2940042.1
Oracle Financial Services Funds Transfer Pricing, version 8.0.7.8.1	https://support.oracle.com/rs?type=doc&id=2940037.1
Oracle Financial Services Institutional Performance Analytics, version 8.0.7.8.1	https://support.oracle.com/rs?type=doc&id=2940040.1
Oracle Financial Services Liquidity Risk Measurement and Management, versions 8.0.7.3.1, 8.0.8.3.1	https://support.oracle.com/rs?type=doc&id=2939725.1
Oracle Financial Services Loan Loss Forecasting and Provisioning, versions 8.0.7.8.1, 8.0.8.2.1	https://support.oracle.com/rs?type=doc&id=2939932.1
Oracle Financial Services Model Management and Governance, versions 8.1.0.0, 8.1.2.0	https://support.oracle.com/rs?type=doc&id=2939794.1
Oracle Financial Services Profitability Management, version 8.0.7.8.1	https://support.oracle.com/rs?type=doc&id=2940039.1
Oracle Financial Services Regulatory Reporting, versions 8.0.8.1, 8.1.1.1, 8.1.2.3, 8.1.2.4	https://support.oracle.com/rs?type=doc&id=2936339.1
Oracle Financial Services Regulatory Reporting with AgileREPORTER, version 8.1.1.2.0	https://support.oracle.com/rs?type=doc&id=2940025.1
Oracle Financial Services Retail Performance Analytics, version 8.0.7.8.1	https://support.oracle.com/rs?type=doc&id=2940041.1
Oracle Financial Services Revenue Management and Billing, versions 2.7, 2.7.1, 2.8, 2.9, 2.9.1, 3.0, 3.1, 3.2, 4.0	https://support.oracle.com/rs?type=doc&id=2938972.1
Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition, version 8.0.8.0.0	https://support.oracle.com/rs?type=doc&id=2936336.1
Oracle FLEXCUBE Core Banking, versions 11.6, 11.7, 11.8, 11.10, 11.11	https://support.oracle.com
Oracle FLEXCUBE Universal Banking, versions 14.0-14.3, 14.5-14.7	https://support.oracle.com
Oracle GoldenGate, versions prior to 19.1.0.0.230418, prior to 21.10.0.0.0	https://support.oracle.com/rs?type=doc&id=2923348.1
Oracle GoldenGate Studio, version [Fusion Middleware] 12.2.1.4.0	https://support.oracle.com/rs?type=doc&id=2923348.1
Oracle GraalVM Enterprise Edition, versions 20.3.8, 20.3.9, 21.3.4, 21.3.5, 22.3.0, 22.3.1	https://support.oracle.com/rs?type=doc&id=2935948.1
Oracle Graph Server and Client, versions prior to 23.1.0, prior to 23.2.0	https://support.oracle.com/rs?type=doc&id=2923348.1
Oracle Health Sciences InForm, versions prior to 6.3.1.3, prior to 7.0.0.1	https://support.oracle.com/rs?type=doc&id=2938697.1
Oracle Healthcare Foundation, versions 8.1.0, 8.1.1, 8.2.0, 8.2.1, 8.2.2	https://support.oracle.com/rs?type=doc&id=2939153.1
Oracle Healthcare Master Person Index, versions 5.0.0-5.0.4	https://support.oracle.com/rs?type=doc&id=2939153.1
Oracle Healthcare Translational Research, versions 4.1.0, 4.1.1	https://support.oracle.com/rs?type=doc&id=2939153.1
Oracle Hospitality OPERA 5 Property Services, version 5.6	https://support.oracle.com/rs?type=doc&id=2935379.1
Oracle HTTP Server, version 12.2.1.4.0	https://support.oracle.com/rs?type=doc&id=2936090.2
Oracle Hyperion Financial Reporting, version 11.2.12	https://support.oracle.com/rs?type=doc&id=2775466.2
Oracle Hyperion Infrastructure Technology, version 11.2.12	https://support.oracle.com/rs?type=doc&id=2775466.2
Oracle Identity Manager, version 12.2.1.4.0	https://support.oracle.com/rs?type=doc&id=2936090.2
Oracle iLearning, version 6.3.1	https://support.oracle.com/rs?type=doc&id=2939823.1
Oracle Insurance Policy Administration Operational Data Store for Life and Annuity, version 1.0.1.8	https://support.oracle.com/rs?type=doc&id=2939209.1
Oracle Java SE, versions 8u361, 8u361-perf, 11.0.18, 17.0.6, 20	https://support.oracle.com/rs?type=doc&id=2935948.1
Oracle JDeveloper, version 12.2.1.4.0	https://support.oracle.com/rs?type=doc&id=2936090.2
Oracle Managed File Transfer, version 12.2.1.4.0	https://support.oracle.com/rs?type=doc&id=2936090.2
Oracle Middleware Common Libraries and Tools, version 12.2.1.4.0	https://support.oracle.com/rs?type=doc&id=2936090.2
Oracle NoSQL Database, versions prior to 19.5.32	https://support.oracle.com/rs?type=doc&id=2923348.1
Oracle Outside In Technology, version 8.5.6	https://support.oracle.com/rs?type=doc&id=2936090.2
Oracle REST Data Services, versions prior to 23.1.0	https://support.oracle.com/rs?type=doc&id=2923348.1
Oracle Retail Customer Management and Segmentation Foundation, versions 18.0.0.12, 19.0.0.6	https://support.oracle.com/rs?type=doc&id=2934131.1
Oracle Retail Fiscal Management, version 14.2	https://support.oracle.com/rs?type=doc&id=2934131.1
Oracle Retail Invoice Matching, versions 15.0.3, 16.0.3	https://support.oracle.com/rs?type=doc&id=2934131.1
Oracle Retail Merchandising System, versions 15.0.3.1, 16.0.2, 16.0.3	https://support.oracle.com/rs?type=doc&id=2934131.1
Oracle Retail Predictive Application Server, versions 15.0.3, 16.0.3	https://support.oracle.com/rs?type=doc&id=2934131.1
Oracle Retail Price Management, versions 14.1.3.2, 15.0.3.1, 16.0.3	https://support.oracle.com/rs?type=doc&id=2934131.1
Oracle Retail Sales Audit, version 15.0.3.1	https://support.oracle.com/rs?type=doc&id=2934131.1
Oracle Retail Xstore Office Cloud Service, versions 18.0.5, 19.0.4, 20.0.3, 21.0.2	https://support.oracle.com/rs?type=doc&id=2934131.1
Oracle Retail Xstore Point of Service, versions 17.0.6, 18.0.5, 19.0.4, 20.0.3, 21.0.2	https://support.oracle.com/rs?type=doc&id=2934131.1
Oracle SD-WAN Aware, version 9.0.1.6.0	https://support.oracle.com/rs?type=doc&id=2938423.1
Oracle SD-WAN Edge, versions 9.1.1.3.0, 9.1.1.4.0	https://support.oracle.com/rs?type=doc&id=2938444.1
Oracle SOA Suite, version 12.2.1.4.0	https://support.oracle.com/rs?type=doc&id=2936090.2
Oracle Solaris, versions 10, 11	https://support.oracle.com/rs?type=doc&id=2940069.1
Oracle SQL Developer, versions prior to 22.4.0, prior to 23.1.0	https://support.oracle.com/rs?type=doc&id=2923348.1
Oracle TimesTen In-Memory Database, versions prior to 22.1.1.7.0	https://support.oracle.com/rs?type=doc&id=2923348.1
Oracle Utilities Application Framework, versions 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0	https://support.oracle.com/rs?type=doc&id=2936478.1
Oracle Utilities Network Management System, versions 2.3.0.2, 2.4.0.1, 2.5.0.0, 2.5.0.1, 2.5.0.2	https://support.oracle.com/rs?type=doc&id=2936478.1
Oracle VM VirtualBox, versions prior to 6.1.44, prior to 7.0.8	https://support.oracle.com/rs?type=doc&id=2940494.1
Oracle WebCenter Portal, version 12.2.1.4.0	https://support.oracle.com/rs?type=doc&id=2936090.2
Oracle WebCenter Sites, version 12.2.1.4.0	https://support.oracle.com/rs?type=doc&id=2936090.2
Oracle WebLogic Server, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0	https://support.oracle.com/rs?type=doc&id=2936090.2
PeopleSoft Enterprise HCM Human Resources, version 9.2	https://support.oracle.com/rs?type=doc&id=2939793.1
PeopleSoft Enterprise PeopleTools, versions 8.58, 8.59, 8.60	https://support.oracle.com/rs?type=doc&id=2939793.1
Primavera P6 Enterprise Project Portfolio Management, versions 18.8.0-18.8.26, 19.12.0-19.12.21, 20.12.0-20.12.18, 21.12.0-21.12.12, 22.12.0-22.12.3	https://support.oracle.com/rs?type=doc&id=2936154.1
Primavera Unifier, versions 18.8.0-18.8.18, 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.14, 22.12.0-22.12.3	https://support.oracle.com/rs?type=doc&id=2936154.1
Siebel Applications, versions 21.10 and prior, 22.10 and prior, 23.3 and prior	https://support.oracle.com/rs?type=doc&id=2939854.1

本次安全更新涉及的漏洞中，共包括266个高危漏洞，389个可被远程利用漏洞。CNVD提醒广大Oracle用户，请及时下载补丁更新，避免引发漏洞相关的安全事件。

CVE编号	公告标题和摘要	最高严重等级	受影响的软件
CVE-2023-21912	Oracle MySQL Server拒绝服务漏洞未经身份验证的远程攻击者可通过MySQL协议网络访问MySQL Server，成功利用此漏洞可导致目标MySQL Server挂起或频繁重复崩溃，造成拒绝服务攻击。	重要	MySQL Server <=5.7.41 MySQL Server <=8.0.30
CVE-2023-21996	Oracle WebLogic Server拒绝服务漏洞。未经身份验证的远程攻击者通过HTTP进行网络访问，从而危害Oracle WebLogic Server。成功利用此漏洞会导致Oracle WebLogic Server挂起或频繁重复崩溃，造成拒绝服务攻击。	重要	Oracle WebLogic Server 12.2.1.3.0 Oracle WebLogic Server 12.2.1.4.0 Oracle WebLogic Server 14.1.1.0.0
CVE-2023-21964	Oracle WebLogic Server拒绝服务漏洞未经身份验证的远程攻击者通过T3进行网络访问，从而危害Oracle WebLogic Server。成功利用此漏洞会导致 Oracle WebLogic Server挂起或频繁重复崩溃，造成拒绝服务攻击。	重要	Oracle WebLogic Server 12.2.1.3.0 Oracle WebLogic Server 12.2.1.4.0 Oracle WebLogic Server 14.1.1.0.0
CVE-2023-21931	Oracle WebLogic Server信息泄露漏洞未经身份验证的远程攻击者通过T3进行网络访问，从而危害Oracle WebLogic Server。此漏洞的成功攻击可能导致对关键数据的未经授权的访问或对所有Oracle WebLogic Server可访问数据的完全访问。	重要	Oracle WebLogic Server 12.2.1.3.0 Oracle WebLogic Server 12.2.1.4.0 Oracle WebLogic Server 14.1.1.0.0
CVE-2023-21979	Oracle WebLogic Server信息泄露漏洞未经身份验证的远程攻击者通过T3进行网络访问，从而危害Oracle WebLogic Server。此漏洞的成功攻击可能导致对关键数据的未经授权的访问或对所有Oracle WebLogic Server可访问数据的完全访问。	重要	Oracle WebLogic Server 12.2.1.3.0 Oracle WebLogic Server 12.2.1.4.0 Oracle WebLogic Server 14.1.1.0.0