Impatto Sistemico

Alto (66.66)

Sintesi

Oracle ha rilasciato il Critical Patch Update di giugno che mira a correggere numerose vulnerabilità su più prodotti, di cui 122 con gravità “critica” e 102 con gravità “alta”.

Tipologia

• Denial of Service
• Remote Code Execution
• Elevation of Privilege
• Security Restriction Bypass
• Data Manipulation

Prodotti e/o versioni affette

Oracle

• APM – Application Performance Management
• Application Development Framework (ADF)
• Identity Manager
• Identity Manager Connector
• JD Edwards EnterpriseOne Accounts Payable
• JD Edwards EnterpriseOne General Ledger
• JD Edwards EnterpriseOne Human Resources Management
• JD Edwards EnterpriseOne Order Promising
• JD Edwards EnterpriseOne Project Costing
• JD Edwards EnterpriseOne Tools
• MySQL NDB Cluster
• MySQL Router
• MySQL Server
• MySQL Shell
• Oracle Access Manager
• Oracle Advanced Outbound Telephony
• Oracle Agile PLM
• Oracle Application Development Framework (ADF)
• Oracle Applications Manager
• Oracle Coherence
• Oracle Complex Maintenance, Repair and Overhaul
• Oracle Configure to Order
• Oracle Cost Management
• Oracle Data Integrator
• Oracle Enterprise Asset Management
• Oracle Enterprise Command Center Framework
• Oracle Enterprise Manager Base Platform
• Oracle Financials for EMEA
• Oracle HR Intelligence
• Oracle HRMS (UK)
• Oracle Human Resources
• Oracle In-Memory Cost Management for Discrete Industries
• Oracle iSetup
• Oracle iSupplier Portal
• Oracle iSupport
• Oracle Outsourced Mfg for Discrete Industries
• Oracle Process Manufacturing Process Planning
• Oracle Process Manufacturing Product Development
• Oracle Project Portfolio Analysis
• Oracle Property Manager
• Oracle Public Sector Financials (International)
• Oracle Public Sector Payroll
• Oracle Quality
• Oracle Receivables
• Oracle Solaris
• Oracle Spares Management
• Oracle Subledger Accounting
• Oracle Unified Directory
• Oracle Universal Work Queue
• Oracle Virtual Directory
• Oracle VM VirtualBox
• Oracle WebCenter Content
• Oracle WebCenter Enterprise Capture
• Oracle WebCenter Portal
• Oracle WebCenter Sites
• PeopleSoft Enterprise CS Campus Community
• PeopleSoft Enterprise CS Student Financials
• PeopleSoft Enterprise PT PeopleTools
• Siebel Apps – Marketing
• Siebel CRM Cloud Applications
• Siebel CRM Deployment
• Siebel CRM Integration
• WebCenter Content
• WebCenter Content: Imaging
• WebLogic Server

Azioni di mitigazione

In linea con le dichiarazioni del vendor, si consiglia di aggiornare i prodotti all’ultima versione disponibile.

Per approfondimenti sui prodotti interessati e sulle modalità di intervento si consiglia di fare riferimento al bollettino di sicurezza disponibile nella sezione Riferimenti.

Di seguito sono riportate le sole CVE relative alle vulnerabilità con gravità “alta” e “critica”: