Oracle lanza parches para múltiples vulnerabilidades críticas

17 Abril 2019

Crítico

Amenaza

Oracle acaba de lanzar actualizaciones para corregir 297 fallos críticos en muchos de sus productos, entre ellos Enterprise Manager, Java SE, MySQL, JD Edwards, productos de Supply Chain, Database, E-Business Suite, Retail Applications, Virtualization y la plataforma Oracle Banking, entre otros.

Si un atacante explota alguna de las vulnerabilidades podría tomar el control total del sistema vulnerable. Sin embargo, Oracle no publica información detallada sobre la forma de atacar; sólo el tipo de fallo, las condiciones necesarias para explotarlo y el impacto potencial de una explotación exitosa.

Mitigación

Se recomienda aplicar los parches a las versiones afectadas lo antes posible.

El listado de las CVE se adjunta a continuación:

Listado CVE

CVE-2019-2517
CVE-2019-2516
CVE-2019-2619
CVE-2018-7489
CVE-2019-3822
CVE-2018-11219
CVE-2017-5645
CVE-2016-1000031
CVE-2018-11236
CVE-2018-1258
CVE-2017-5664
CVE-2016-1181
CVE-2018-16864
CVE-2018-1000180
CVE-2018-0732
CVE-2017-0861
CVE-2015-9251
CVE-2018-12404
CVE-2017-5753
CVE-2017-5754
CVE-2018-19362
CVE-2018-11763
CVE-2018-0734
CVE-2018-11784
CVE-2019-2701
CVE-2019-2663
CVE-2019-2682
CVE-2019-2665
CVE-2019-2639
CVE-2019-2671
CVE-2019-2675
CVE-2019-2600
CVE-2019-2651
CVE-2019-2661
CVE-2019-2655
CVE-2019-2652
CVE-2019-2583
CVE-2019-2660
CVE-2019-2604
CVE-2019-2664
CVE-2019-2677
CVE-2019-2551
CVE-2019-2603
CVE-2019-2653
CVE-2019-2654
CVE-2019-2662
CVE-2019-2640
CVE-2019-2641
CVE-2019-2642
CVE-2019-2643
CVE-2019-2638
CVE-2019-2633
CVE-2019-2621
CVE-2019-2669
CVE-2019-2676
CVE-2019-2670
CVE-2019-2673
CVE-2019-2674
CVE-2019-2622
CVE-2016-4000
CVE-2018-1656
CVE-2018-0161
CVE-2019-2557
CVE-2018-11775
CVE-2015-3253
CVE-2017-8287
CVE-2017-8105
CVE-2019-2658
CVE-2019-2646
CVE-2019-2645
CVE-2019-2578
CVE-2019-2595
CVE-2019-2706
CVE-2019-2705
CVE-2018-14718
CVE-2019-2601
CVE-2018-11761
CVE-2019-2647
CVE-2019-2648
CVE-2019-2649
CVE-2019-2650
CVE-2018-8013
CVE-2019-2608
CVE-2019-2616
CVE-2018-1305
CVE-2019-2609
CVE-2019-2610
CVE-2019-2611
CVE-2019-2612
CVE-2019-2613
CVE-2019-2618
CVE-2019-2576
CVE-2019-2572
CVE-2018-0495
CVE-2019-2568
CVE-2019-2588
CVE-2019-2615
CVE-2019-2579
CVE-2019-2605
CVE-2019-2720
CVE-2019-2629
CVE-2019-2702
CVE-2016-7103
CVE-2019-2699
CVE-2019-2697
CVE-2019-2698
CVE-2019-2602
CVE-2019-2684
CVE-2018-12023
CVE-2019-2565
CVE-2019-2564
CVE-2019-2632
CVE-2019-2693
CVE-2019-2694
CVE-2019-2695
CVE-2019-2692
CVE-2019-1559
CVE-2018-3123
CVE-2019-2623
CVE-2019-2634
CVE-2019-2580
CVE-2019-2585
CVE-2019-2593
CVE-2019-2624
CVE-2019-2628
CVE-2019-2566
CVE-2019-2626
CVE-2019-2644
CVE-2019-2631
CVE-2019-2581
CVE-2019-2596
CVE-2019-2607
CVE-2019-2625
CVE-2019-2681
CVE-2019-2685
CVE-2019-2686
CVE-2019-2687
CVE-2019-2688
CVE-2019-2689
CVE-2019-2683
CVE-2019-2592
CVE-2019-2587
CVE-2019-2635
CVE-2019-2584
CVE-2019-2589
CVE-2019-2606
CVE-2019-2620
CVE-2019-2627
CVE-2019-2691
CVE-2019-2636
CVE-2019-2614
CVE-2019-2617
CVE-2019-2630
CVE-2019-2598
CVE-2019-2590
CVE-2019-2594
CVE-2019-2707
CVE-2019-2591
CVE-2019-2637
CVE-2019-2597
CVE-2019-2700
CVE-2019-2573
CVE-2019-2586
CVE-2014-9515
CVE-2019-3772
CVE-2017-5533
CVE-2018-3314
CVE-2018-3120
CVE-2018-2880
CVE-2018-15756
CVE-2019-2424
CVE-2019-2558
CVE-2018-3312
CVE-2014-0114
CVE-2016-2141
CVE-2015-1832
CVE-2016-0635
CVE-2014-0107
CVE-2019-2719
CVE-2019-2570
CVE-2019-2704
CVE-2018-20685
CVE-2019-2577
CVE-2019-2567
CVE-2019-2709
CVE-2019-2575
CVE-2017-14952
CVE-2018-8088
CVE-2019-2656
CVE-2019-2680
CVE-2019-2696
CVE-2019-2703
CVE-2019-2721
CVE-2019-2722
CVE-2019-2723
CVE-2019-2657
CVE-2019-2690
CVE-2019-2679
CVE-2019-2678
CVE-2019-2574

Tags: #oracle #vulnerabilidad #fallo #enterprisemanager #javase #mysql #jdedwards #supplychain #database #ebusinesssuite #retailapplications #virtualization #oracle banking

Fuentes utilizadas

https://gbhackers.com/297-vulnerabilities-...

https://www.oracle.com/technetwork/securit...

Productos Afectados

Producto	Versión
Application Server	0.9.8 1.0.0 1.0.1
Oracle Service Bus	11.1.1.9.0 12.1.3.0.0 12.2.1.3.0
Oracle Trade Management	12.1.1 12.1.2 12.1.3 12.2.3 12.2.4 12.2.5 12.2.6 12.2.7 12.2.8
Java VM	11.2.0.4 12.1.0.2 12.2.0.1 18c 19c
Oracle CRM Technical Foundation	12.1.3 12.2.3 12.2.4 12.2.5 12.2.6 12.2.7 12.2.8
Enterprise Manager Ops Center	12.3.3
Oracle Communications Pricing Design Center	11.1 12.0
Oracle Commerce Platform	11.2.0.3 11.2.0.3 11.3.1
Oracle Solaris	10 11
Oracle JDeveloper	11.1.1.9.0 12.1.3.0.0 12.2.1.3.0 12.1.3.0.0 12.2.1.3.0
Oracle API Gateway	11.1.2.4.0
MySQL Enterprise Backup	3.12.3 4.1.2
Oracle Hospitality Guest Access	4.2.0 4.2.1
Oracle Retail Xstore Point of Service	7.0 7.1
MySQL Enterprise Monitor	4.0.8 and prior 8.0.14 and prior
Oracle Hospitality Reporting and Analytics	9.1.0
Portable Clusterware	11.2.0.4 12.1.0.2 12.2.0.1 18c
Oracle Utilities Network Management System	1.12.0.3
Oracle Interaction Center Intelligence	12.1.1 12.1.2 12.1.3
Oracle Communications Instant Messaging Server	10.0.1
Oracle Fusion Middleware MapViewer	12.2.1.3.0
Oracle Utilities Framework	2.2.0 4.2.0.2.0 4.2.0.3.0 4.3.0.2.0 4.3.0.3.0 4.3.0.4.0 4.3.0.5.0 4.3.0.6.0 4.4.0.0.0
MySQL Server	8.0.15
Java SE, Java SE Embedded	11.0.2 12 8u201
RDBMS DataPump	11.2.0.4 12.1.0.2 12.2.0.1 18c
Oracle Retail Workforce Management Software	1.60.9.0.0
Oracle Communications Service Broker Engineered System Edition	6
PeopleSoft Enterprise HRMS	9 2
MICROS Retail-J	12.1.2
PeopleSoft Enterprise HCM Talent Acquisition Manager	9 2
Oracle Communications Application Session Controller	3.7.1 3.8.0
PeopleSoft Enterprise PeopleTools	8.55 8.56 8.57
OSS Support Tools	19 1
Oracle Retail Order Broker	5.1 5.2 15.0 16.0
Oracle Financial Services Profitability Management	8.0.4-8.0.6
Oracle Banking Platform	2.4.0 2.4.1 2.5.0 2.6.0
Oracle Financial Services Funds Transfer Pricing	8.0.4-8.0.7
Oracle Advanced Outbound Telephony	12.1.1 12.1.2 12.1.3 12.2.3 12.2.4 12.2.5 12.2.6 12.2.7 12.2.8
Oracle Financial Services Hedge Management and IFRS Valuations	8.0.4-8.0.7
Oracle Communications EAGLE Application Processor	16.1.0 16.2.0
Oracle VM VirtualBox	Prior to 5.2.28 prior to 6.0.6
Oracle Hospitality Cruise Fleet Management	9.0.11
Oracle Utilities Mobile Workforce Management	2.3.0
Oracle One-to-One Fulfillment	12.1.1 12.1.2 12.1.3 12.2.3 12.2.4 12.2.5 12.2.6 12.2.7 12.2.8
Oracle Health Sciences Data Management Workbench	2.4.8
MySQL Connectors	8.0.15 y anteriores
BI Publisher (formerly XML Publisher)	11.1.1.9.0 12.2.1.3.0 12.2.1.4.0
Oracle Financial Services Liquidity Risk Management	8.0.2-8.0.6
Oracle Transportation Management	6.3.7 6.4.2 6.4.3
Oracle Retail Convenience Store Back Office	3 6
Oracle iSupplier Portal	12.1.3 12.2.3 12.2.4 12.2.5 12.2.6 12.2.7 12.2.8
Primavera Unifier	16.1 16.2 17.7-17.12 18.8
Oracle Agile PLM	9.3.3 9.3.4 9.3.5
Oracle Hospitality Cruise Dining Room Management	8.0.80
Oracle Communications LSMS	13.1 13.2 13.3
Java SE	7u211 8u202
Oracle Applications Framework	12.1.3 12.2.3 12.2.4 12.2.5 12.2.6 12.2.7 12.2.8
Core RDBMS	12.2.0.1 18c
MICROS Lucas	2.9.5.6 2.9.5.7
Oracle Tuxedo	12.1.1.0.0
Oracle Retail Merchandising System	15 15.0 16.0
Oracle Retail Point-of-Service	13.4 14.0 14.1
Oracle SOA Suite	11.1.1.9.0 12.1.3.0.0 12.2.1.3.0
Oracle Financial Services Reconciliation Framework	8.0.5 8.0.6
Oracle Financial Services Asset Liability Management	8.0.4-8.0.7
Oracle Financial Services Data Integration Hub	8.0.5-8.0.7
Oracle WebCenter Portal	12.2.1.3.0
Oracle Enterprise Session Border Controller	8.0.0 8.1.0 8.2.0
PeopleSoft Enterprise ELM	9 2
Oracle Managed File Transfer	12.1.3.0.0 12.2.1.3.0
Siebel Core - Server BizLogic Script	19 3
Primavera P6 Enterprise Project Portfolio Management	8.4 15.1 15.2 16.1 16.2 17.7-17.12 18.8
Oracle Retail Customer Management and Segmentation Foundation	16.0 17.0 18.0
Oracle Identity Analytics	11.1.1.5.8
Oracle Marketing	12.1.1 12.1.2 12.1.3 12.2.3 12.2.4 12.2.5 12.2.6 12.2.7 12.2.8
Oracle Territory Management	12.1.1 12.1.2 12.1.3 12.2.3 12.2.4 12.2.5 12.2.6 12.2.7 12.2.8
Oracle HTTP Server	12.2.1.3.0
Oracle Data Integrator	12.2.1.3.0
Oracle Communications Policy Management	12.1 12.2 12.3 12.4
Oracle Communications Messaging Server	8.0 8.1
Oracle Business Transaction Management	12.1.0
Oracle Commerce Merchandising	11.2.0.3
Oracle AutoVue 3D Professional Advanced	21.0.0 21.0.1
Oracle FLEXCUBE Private Banking	2.0.0.0 2.2.0.1 12.0.1.0 12.0.3.0 12.1.0.0
Oracle Enterprise Communications Broker	3.0.0 3.1.0
Oracle Configurator	12.1 12.2
Oracle Communications Operations Monitor	3.4 4.0
Oracle Knowledge	8.5.1.0 - 8.5.1.7 8.6.0 8.6.1
Oracle Application Testing Suite	13.3.0.1
Oracle Traffic Director	11.1.1.9.0
Oracle Endeca Information Discovery Integrator	3.2.0
PeopleSoft Enterprise PT PeopleTools	8.55 8.56 8.57
Oracle WebLogic Server	10.3.6.0.0 12.1.3.0.0 12.2.1.3.0
Data Store	Prior to 6.138 prior to 6.2.38 prior to 18.1.32
Oracle Financial Services Analytical Applications Infrastructure	7.3.3-7.3.5 8.0.0-8.0.7
Oracle Service Contracts	12.1.1 12.1.2 12.1.3 12.2.3 12.2.4 12.2.5 12.2.6 12.2.7 12.2.8
Oracle Retail Invoice Matching	12.0 13.0 13.1 13.2 14.0 14.1 15
Oracle Common Applications	12.1.3 12.2.3 12.2.4 12.2.5 12.2.6 12.2.7 12.2.8
Oracle Communications EAGLE LNP Application Processor	10.0 10.1 10.2
PeopleSoft Enterprise ELM Enterprise Learning Management	9 2
Oracle Financial Services Market Risk Measurement and Management	8.0.5 8.0.6
Oracle Work in Process	12.1.1 12.1.2 12.1.3 12.2.3 12.2.4 12.2.5 12.2.6 12.2.7 12.2.8
Oracle Communications Interactive Session Recorder	6.0 6.1 6.2
Oracle Healthcare Master Person Index	3.0 4.0
Enterprise Manager Base Platform	13.2.0.0.0 13.3.0.0.0
Oracle Real-Time Scheduler	2.3.0
Oracle iStore	12.1.1 12.1.2 12.1.3 12.2.3 12.2.4 12.2.5 12.2.6 12.2.7 12.2.8
Oracle Enterprise Operations Monitor	3.4 4.0
Oracle Application Object Library	12.1.3 12.2.3 12.2.4 12.2.5 12.2.6 12.2.7 12.2.8
Agile Recipe Management for Pharmaceuticals	9.3.3 9.3.4
Oracle Communications Unified Inventory Management	7.3.2 7.3.4 7.3.5 7.4.0
JD Edwards World Technical Foundation	A9.2 A9.3.1 A9.4
Oracle Communications Session Border Controller	8.0.0 8.1.0 8.2.0
Instantis EnterpriseTrack	17.1 17.2 17.3
Oracle Business Process Management Suite	11.1.1.9.0 12.1.3.0.0 12.2.1.3.0
Oracle Secure Global Desktop	5 4
JD Edwards EnterpriseOne Tools	9 2
Oracle Retail Allocation	15.0.2
Oracle Knowledge Management	12.1.1 12.1.2 12.1.3 12.2.3 12.2.4 12.2.5 12.2.6 12.2.7 12.2.8
Oracle General Ledger	12.1.1 12.1.2 12.1.3 12.2.3 12.2.4 12.2.5 12.2.6 12.2.7 12.2.8
Oracle Configuration Manager	12.1.0
Oracle WebCenter Sites	12.2.1.3.0
Oracle Business Intelligence Enterprise Edition	11.1.1.9.0 12.2.1.3.0 12.2.1.4.0
Oracle Retail Customer Engagement	16.0 17.0
FMW Platform	12.2.1.3.0
Oracle Email Center	12.1.1 12.1.2 12.1.3 12.2.3 12.2.4 12.2.5 12.2.6 12.2.7 12.2.8
Oracle Communications Service Broker	6
Oracle Outside In Technology	8.5.3 8.5.4
MICROS Relate CRM Software	11 4
Oracle Financial Services Loan Loss Forecasting and Provisioning	8.0.2-8.0.7