lunes, 17 de abril de 2017

Oracle Critical Patch Update Pre-Release Announcement - April 2017

Executive Summaries

Oracle Database Server Executive Summary

This Critical Patch Update contains 2 new security fixes for the Oracle Database Server.  Neither of these vulnerabilities may be remotely exploitable without authentication, i.e., neither may be exploited over a network without requiring user credentials.  1 of these fixes is applicable to client-only installations, i.e., installations that do not have the Oracle Database Server installed.
The highest CVSS Base Score of vulnerabilities affecting Oracle Database Server is 9.9
The Oracle Database Server components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • OJVM
  • SQL*Plus

Oracle Secure Backup Executive Summary

This Critical Patch Update contains 1 new security fix for Oracle Secure Backup.  This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 
The highest CVSS Base Score of vulnerabilities affecting Oracle Secure Backup is 9.8
The Oracle Secure Backup components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • PHP

Oracle Berkeley DB Executive Summary

This Critical Patch Update contains 14 new security fixes for Oracle Berkeley DB.  None of these vulnerabilities may be remotely exploitable without authentication, i.e., none may be exploited over a network without requiring user credentials. 
The highest CVSS Base Score of vulnerabilities affecting Oracle Berkeley DB is 7.0
The Oracle Berkeley DB components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Data Store

Oracle Fusion Middleware Executive Summary

This Critical Patch Update contains 28 new security fixes for Oracle Fusion Middleware.  17 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 
The highest CVSS Base Score of vulnerabilities affecting Oracle Fusion Middleware is 10.0
The Oracle Fusion Middleware components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Oracle API Gateway
  • Oracle Fusion Middleware MapViewer
  • Oracle Identity Manager
  • Oracle Service Bus
  • Oracle Social Network
  • Oracle WebCenter Sites
  • Oracle WebLogic Server

Oracle Hyperion Executive Summary

This Critical Patch Update contains 1 new security fix for Oracle Hyperion.  This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 
The highest CVSS Base Score of vulnerabilities affecting Oracle Hyperion is 6.5
The Oracle Hyperion components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Oracle Hyperion Essbase

Oracle Enterprise Manager Grid Control Executive Summary

This Critical Patch Update contains 1 new security fix for Oracle Enterprise Manager Grid Control.  This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.  This fix is not applicable to client-only installations, i.e., installations that do not have Oracle Enterprise Manager Grid Control installed.
The highest CVSS Base Score of vulnerabilities affecting Oracle Enterprise Manager Grid Control is 7.5
The Oracle Enterprise Manager Grid Control components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Enterprise Manager Base Platform

Oracle E-Business Suite Executive Summary

This Critical Patch Update contains 11 new security fixes for the Oracle E-Business Suite.  10 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 
The highest CVSS Base Score of vulnerabilities affecting Oracle E-Business Suite is 9.1
The Oracle E-Business Suite components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Oracle Advanced Outbound Telephony
  • Oracle Application Object Library
  • Oracle Applications Framework
  • Oracle Customer Interaction History
  • Oracle iReceivables
  • Oracle Marketing
  • Oracle One-to-One Fulfillment
  • Oracle Payables
  • Oracle Scripting
  • Oracle User Management

Oracle Supply Chain Products Suite Executive Summary

This Critical Patch Update contains 1 new security fix for the Oracle Supply Chain Products Suite.  This vulnerability is not remotely exploitable without authentication, i.e., may not be exploited over a network without requiring user credentials. 
The highest CVSS Base Score of vulnerabilities affecting Oracle Supply Chain Products Suite is 6.1
The Oracle Supply Chain Products Suite components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Oracle Transportation Manager

Oracle PeopleSoft Products Executive Summary

This Critical Patch Update contains 16 new security fixes for Oracle PeopleSoft Products.  8 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 
The highest CVSS Base Score of vulnerabilities affecting Oracle PeopleSoft Products is 7.5
The Oracle PeopleSoft Products components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • PeopleSoft Enterprise CS Campus Community
  • PeopleSoft Enterprise FIN Receivables
  • PeopleSoft Enterprise FSCM
  • PeopleSoft Enterprise PeopleTools
  • PeopleSoft Enterprise SCM eBill Payment
  • PeopleSoft Enterprise SCM eSupplier Connection
  • PeopleSoft Enterprise SCM Purchasing
  • PeopleSoft Enterprise SCM Service Procurement
  • PeopleSoft Enterprise SCM Strategic Sourcing

Oracle JD Edwards Products Executive Summary

This Critical Patch Update contains 1 new security fix for Oracle JD Edwards Products.  This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 
The highest CVSS Base Score of vulnerabilities affecting Oracle JD Edwards Products is 6.5
The Oracle JD Edwards Products components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • JD Edwards EnterpriseOne Tools

Oracle Siebel CRM Executive Summary

This Critical Patch Update contains 1 new security fix for Oracle Siebel CRM.  This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 
The highest CVSS Base Score of vulnerabilities affecting Oracle Siebel CRM is 10.0
The Oracle Siebel CRM components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Siebel Apps - E-Billing

Oracle Commerce Executive Summary

This Critical Patch Update contains 3 new security fixes for Oracle Commerce.  All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 
The highest CVSS Base Score of vulnerabilities affecting Oracle Commerce is 7.5
The Oracle Commerce components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Oracle Commerce Guided Search / Oracle Commerce Experience Manager

Oracle Communications Applications Executive Summary

This Critical Patch Update contains 11 new security fixes for Oracle Communications Applications.  9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 
The highest CVSS Base Score of vulnerabilities affecting Oracle Communications Applications is 10.0
The Oracle Communications Applications components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Oracle Communications ASAP
  • Oracle Communications Network Integrity
  • Oracle Communications Policy Management
  • Oracle Communications Security Gateway
  • Oracle Communications Service Broker Engineered System Edition
  • Oracle Communications Session Border Controller

Oracle Financial Services Applications Executive Summary

This Critical Patch Update contains 47 new security fixes for Oracle Financial Services Applications.  25 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 
The highest CVSS Base Score of vulnerabilities affecting Oracle Financial Services Applications is 10.0
The Oracle Financial Services Applications components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Oracle Financial Services Analytical Applications Infrastructure
  • Oracle Financial Services Asset Liability Management
  • Oracle Financial Services Basel Regulatory Capital Basic
  • Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach
  • Oracle Financial Services Data Foundation
  • Oracle Financial Services Data Integration Hub
  • Oracle Financial Services Enterprise Financial Performance Analytics
  • Oracle Financial Services Funds Transfer Pricing
  • Oracle Financial Services Hedge Management and IFRS Valuations
  • Oracle Financial Services Institutional Performance Analytics
  • Oracle Financial Services Liquidity Risk Management
  • Oracle Financial Services Loan Loss Forecasting and Provisioning
  • Oracle Financial Services Pricing Management/Transfer Pricing Component
  • Oracle Financial Services Profitability Management
  • Oracle Financial Services Reconciliation Framework
  • Oracle Financial Services Retail Customer Analytics
  • Oracle Financial Services Retail Performance Analytics
  • Oracle FLEXCUBE Direct Banking
  • Oracle FLEXCUBE Enterprise Limits and Collateral Management
  • Oracle FLEXCUBE Investor Servicing
  • Oracle FLEXCUBE Private Banking
  • Oracle FLEXCUBE Universal Banking
  • Oracle Insurance Data Foundation

Oracle Health Sciences Applications Executive Summary

This Critical Patch Update contains 1 new security fix for Oracle Health Sciences Applications.  This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 
The highest CVSS Base Score of vulnerabilities affecting Oracle Health Sciences Applications is 7.5
The Oracle Health Sciences Applications components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Oracle Healthcare Master Person Index

Oracle Hospitality Applications Executive Summary

This Critical Patch Update contains 6 new security fixes for Oracle Hospitality Applications.  1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 
The highest CVSS Base Score of vulnerabilities affecting Oracle Hospitality Applications is 7.1
The Oracle Hospitality Applications components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Oracle Hospitality OPERA 5 Property Services

Oracle Insurance Applications Executive Summary

This Critical Patch Update contains 1 new security fix for Oracle Insurance Applications.  This vulnerability is not remotely exploitable without authentication, i.e., may not be exploited over a network without requiring user credentials. 
The highest CVSS Base Score of vulnerabilities affecting Oracle Insurance Applications is 6.5
The Oracle Insurance Applications components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Oracle Insurance Istream

Oracle Retail Applications Executive Summary

This Critical Patch Update contains 39 new security fixes for Oracle Retail Applications.  32 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 
The highest CVSS Base Score of vulnerabilities affecting Oracle Retail Applications is 10.0
The Oracle Retail Applications components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • MICROS Lucas
  • MICROS Relate CRM Software
  • MICROS XBR
  • MICROS Xstore Payment
  • Oracle Retail Advanced Inventory Planning
  • Oracle Retail Advanced Science Engine
  • Oracle Retail Analytic Parameter Calculator - RO
  • Oracle Retail Analytics
  • Oracle Retail Assortment Planning
  • Oracle Retail Back Office
  • Oracle Retail Category Management
  • Oracle Retail Category Management Planning & Optimization
  • Oracle Retail Customer Insights
  • Oracle Retail Customer Management and Segmentation Foundation
  • Oracle Retail Demand Forecasting
  • Oracle Retail Invoice Matching
  • Oracle Retail Item Planning
  • Oracle Retail Macro Space Optimization
  • Oracle Retail Merchandise Financial Planning
  • Oracle Retail Merchandising Insights
  • Oracle Retail Open Commerce Platform
  • Oracle Retail Order Broker
  • Oracle Retail Point-of-Service
  • Oracle Retail Predictive Application Server
  • Oracle Retail Regular Price Optimization
  • Oracle Retail Replenishment Optimization
  • Oracle Retail Returns Management
  • Oracle Retail Size Profile Optimization
  • Oracle Retail Store Inventory
  • Oracle Retail Warehouse Management System
  • Oracle Retail XBRi Loss Prevention
  • Oracle Retail Xstore Point of Service

Oracle Utilities Applications Executive Summary

This Critical Patch Update contains 7 new security fixes for Oracle Utilities Applications.  All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 
The highest CVSS Base Score of vulnerabilities affecting Oracle Utilities Applications is 9.8
The Oracle Utilities Applications components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Oracle Real-Time Scheduler
  • Oracle Utilities Customer Self Service
  • Oracle Utilities Framework
  • Oracle Utilities Work and Asset Management

Oracle Primavera Products Suite Executive Summary

This Critical Patch Update contains 7 new security fixes for the Oracle Primavera Products Suite.  4 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 
The highest CVSS Base Score of vulnerabilities affecting Oracle Primavera Products Suite is 9.9
The Oracle Primavera Products Suite components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Primavera Gateway
  • Primavera P6 Enterprise Project Portfolio Management
  • Primavera Unifier

Oracle Java SE Executive Summary

This Critical Patch Update contains 9 new security fixes for Oracle Java SE.  8 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 
The highest CVSS Base Score of vulnerabilities affecting Oracle Java SE is 9.6
The Oracle Java SE components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Java SE
  • Java SE Embedded
  • JRockit

Oracle Sun Systems Products Suite Executive Summary

This Critical Patch Update contains 22 new security fixes for the Oracle Sun Systems Products Suite.  8 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 
The highest CVSS Base Score of vulnerabilities affecting Oracle Sun Systems Products Suite is 10.0
The Oracle Sun Systems Products Suite components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Oracle SuperCluster Specific Software
  • Solaris
  • Solaris Cluster
  • StorageTek Tape Analytics SW Tool
  • Sun ZFS Storage Appliance Kit (AK)

Oracle Virtualization Executive Summary

This Critical Patch Update contains 15 new security fixes for Oracle Virtualization.  6 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 
The highest CVSS Base Score of vulnerabilities affecting Oracle Virtualization is 9.8
The Oracle Virtualization components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Oracle VM VirtualBox
  • Secure Global Desktop

Oracle MySQL Executive Summary

This Critical Patch Update contains 41 new security fixes for Oracle MySQL.  13 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 
The highest CVSS Base Score of vulnerabilities affecting Oracle MySQL is 10.0
The Oracle MySQL components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • MySQL Cluster
  • MySQL Connectors
  • MySQL Enterprise Backup
  • MySQL Enterprise Monitor
  • MySQL Server
  • MySQL Workbench

Oracle Support Tools Executive Summary

This Critical Patch Update contains 13 new security fixes for Oracle Support Tools.  4 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 
The highest CVSS Base Score of vulnerabilities affecting Oracle Support Tools is 9.8
The Oracle Support Tools components affected by vulnerabilities that are fixed in this Critical Patch Update are:
  • Automatic Service Request (ASR)
  • Oracle Advanced Support Gateway
  • Oracle Trace File Analyzer (TFA)
  • OSS Support Tools

No hay comentarios:

Publicar un comentario

Te agradezco tus comentarios. Te esperamos de vuelta.

Todos los Sábados a las 8:00PM

Optimismo para una vida Mejor

Optimismo para una vida Mejor
Noticias buenas que comentar