【安全通告】Oracle全系产品2020年7月关键补丁更新

2020-07-15

综述

当地时间2020年7月14日，Oracle官方发布了2020年7月关键补丁更新公告CPU（Critical Patch Update），安全通告以及第三方安全公告等公告内容，修复了443个不同程度的漏洞。各产品受影响情况以及可用补丁情况见附录表格。

完整信息请查看官方通告：

https://www.oracle.com/security-alerts/cpujul2020.html

漏洞总结

产品	漏洞个数	未授权远程利用个数	最高CVSS评分
Oracle Database server	19	1	8.8
Oracle Berkeley DB	3	0	7.3
Oracle Global Lifecycle Management	1	0	0
Oracle GoldenGate	3	1	9.6
Oracle TimesTen In-Memory Database	1	0	0
Oracle Commerce	4	3	7.4
Oracle Communications Applications	60	46	10
Oracle Construction and Engineering	20	15	9.8
Oracle E-Business Suite	30	24	9.1
Oracle Enterprise Manager	14	10	9.8
Oracle Financial Services Applications	38	26	9.8
Oracle Food and Beverage Applications	4	0	7.3
Oracle Fusion Middleware	52	48	9.8
Oracle GraalVM	4	3	9.1
Oracle Health Sciences Applications	4	4	9.8
Oracle Hospitality Applications	1	1	9.8
Oracle Hyperion	3	0	4.2
Oracle iLearning	1	1	8.2
Oracle Insurance Applications	6	4	7.5
Oracle Java SE	11	11	8.3
Oracle JD Edwards	6	6	9.8
Oracle MySQL	40	6	9.8
Oracle PeopleSoft	11	9	8.2
Oracle Retail Applications	47	42	9.8
Oracle Siebel CRM	5	5	9.8
Oracle Supply Chain	22	18	9.8
Oracle Systems	7	1	9.8
Oracle Utilities Applications	1	1	7.5
Oracle Virtualization	25	0	8.2

受影响的产品及版本

受影响的产品及版本信息请参考文末附录。

关键补丁更新（cpu）

关键修补程序更新 (cpu) 是针对多个安全漏洞的修补程序集合。关键修补程序更新通常是累积的, 但每次都只描述自上一个关键修补程序更新咨询以来添加的安全修复补丁。因此, 应复查先前发布的安全修补程序的重要更新建议, 以了解有关早期版本的安全性修正的信息。

解决方案

鉴于成功攻击所造成的威胁，Oracle强烈建议客户尽快下载并安装重要补丁更新修复程序。

附录

受影响产品（含版本）以及相关补丁情况如下表：

Affected Products and Versions	Patch Availability Document
Category Management Planning & Optimization, version 15.0.3	Retail Applications
Customer Management and Segmentation Foundation, versions 16.0, 17.0, 18.0	Retail Applications
Enterprise Manager Base Platform, versions 12.1.0.5, 13.3.0.0, 13.4.0.0	Enterprise Manager
Enterprise Manager for Fusion Middleware, version 12.1.0.5	Enterprise Manager
Enterprise Manager Ops Center, version 12.4.0.0	Enterprise Manager
GoldenGate Stream Analytics, versions prior to 19.1.0.0.1	Database
Hyperion Financial Close Management, version 11.1.2.4	Fusion Middleware
Instantis EnterpriseTrack, versions 17.1-17.3	Oracle Construction and Engineering Suite
JD Edwards EnterpriseOne Orchestrator, versions prior to 9.2.4.2	JD Edwards
JD Edwards EnterpriseOne Tools, versions prior to 9.2.3.3, prior to 9.2.4.2	JD Edwards
MySQL Client, versions 5.6.48 and prior, 5.7.30 and prior, 8.0.20 and prior	MySQL
MySQL Cluster, versions 7.3.29 and prior, 7.4.28 and prior, 7.5.18 and prior, 7.6.14 and prior, 8.0.20 and prior	MySQL
MySQL Connectors, versions 8.0.20 and prior	MySQL
MySQL Enterprise Monitor, versions 4.0.12 and prior, 8.0.20 and prior	MySQL
MySQL Server, versions 5.6.48 and prior, 5.7.30 and prior, 8.0.20 and prior	MySQL
Oracle Agile Engineering Data Management, version 6.2.1.0	Oracle Supply Chain Products
Oracle Application Express, versions 5.1-19.2	Database
Oracle Application Testing Suite, versions 13.2.0.1, 13.3.0.1	Enterprise Manager
Oracle AutoVue, version 21.0	Oracle Supply Chain Products
Oracle Banking Enterprise Collections, versions 2.7.0-2.9.0	Oracle Banking Platform
Oracle Banking Payments, versions 14.1.0-14.4.0	Oracle Financial Services Applications
Oracle Banking Platform, versions 2.4.0-2.10.0	Oracle Banking Platform
Oracle Berkeley DB, versions prior to 6.1.38, prior to 18.1.40	Berkeley DB
Oracle BI Publisher, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Business Intelligence Enterprise Edition, versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Business Process Management Suite, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Coherence, versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0	Fusion Middleware
Oracle Commerce Guided Search / Oracle Commerce Experience Manager, versions 11.0, 11.1, 11.2, prior to 11.3.1	Oracle Commerce
Oracle Commerce Platform, versions 11.1, 11.2, prior to 11.3.1	Oracle Commerce
Oracle Commerce Service Center, versions 11.1, 11.2, prior to 11.3.1	Oracle Commerce
Oracle Communications Analytics, version 12.1.1	Oracle Communications Analytics
Oracle Communications Billing and Revenue Management, versions 7.5.0.23.0, 12.0.0.3.0	Oracle Communications Billing and Revenue Management
Oracle Communications BRM - Elastic Charging Engine, versions 11.3, 12.0	Oracle Communications BRM - Elastic Charging Engine
Oracle Communications Contacts Server, version 8.0.0.4.0	Oracle Communications Contacts Server
Oracle Communications Convergence, versions 3.0.1.0-3.0.2.1	Oracle Communications Convergence
Oracle Communications Diameter Signaling Router (DSR), versions 8.0-8.4	Oracle Communications Diameter Signaling Router
Oracle Communications Element Manager, versions 8.1.1, 8.2.0, 8.2.1	Oracle Communications Element Manager
Oracle Communications Evolved Communications Application Server, version 7.1	Oracle Communications Evolved Communications Application Server
Oracle Communications Instant Messaging Server, version 10.0.1.4.0	Oracle Communications Instant Messaging Server
Oracle Communications Interactive Session Recorder, versions 6.1-6.4	Oracle Communications Interactive Session Recorder
Oracle Communications IP Service Activator, versions 7.3.0, 7.4.0	Oracle Communications IP Service Activator
Oracle Communications LSMS, versions 13.0-13.3	Oracle Communications LSMS
Oracle Communications Messaging Server, versions 8.0.2, 8.1.0	Oracle Communications Messaging Server
Oracle Communications MetaSolv Solution, version 6.3.0	Oracle Communications MetaSolv Solution
Oracle Communications Network Charging and Control, versions 6.0.1, 12.0.0-12.0.3	Oracle Communications Network Charging and Control
Oracle Communications Network Integrity, versions 7.3.2-7.3.6	Oracle Communications Network Integrity
Oracle Communications Operations Monitor, versions 3.4, 4.1-4.3	Oracle Communications Operations Monitor
Oracle Communications Order and Service Management, versions 7.3, 7.4	Oracle Communications Order and Service Management
Oracle Communications Services Gatekeeper, versions 6.0, 6.1, 7.0	Oracle Communications Services Gatekeeper
Oracle Communications Session Border Controller, versions 8.1.0, 8.2.0, 8.3.0	Oracle Communications Session Border Controller
Oracle Communications Session Report Manager, versions 8.1.1, 8.2.0, 8.2.1	Oracle Communications Session Report Manager
Oracle Communications Session Route Manager, versions 8.1.1, 8.2.0, 8.2.1	Oracle Communications Session Route Manager
Oracle Configuration Manager, version 12.1.2.0.6	Enterprise Manager
Oracle Configurator, versions 12.1, 12.2	Oracle Supply Chain Products
Oracle Data Masking and Subsetting, versions 13.3.0.0, 13.4.0.0	Enterprise Manager
Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c, [Spatial Studio] prior to 19.2.1	Database
Oracle E-Business Suite, versions 12.1.1-12.1.3, 12.2.3-12.2.9	E-Business Suite
Oracle Endeca Information Discovery Studio, version 3.2.0	Fusion Middleware
Oracle Enterprise Communications Broker, versions 3.0.0-3.2.0	Oracle Enterprise Communications Broker
Oracle Enterprise Repository, version 11.1.1.7.0	Fusion Middleware
Oracle Enterprise Session Border Controller, versions 8.1.0, 8.2.0, 8.3.0	Oracle Enterprise Session Border Controller
Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.6-8.1.0	Oracle Financial Services Analytical Applications Infrastructure
Oracle Financial Services Compliance Regulatory Reporting, versions 8.0.6-8.0.8	Oracle Financial Services Compliance Regulatory Reporting
Oracle Financial Services Lending and Leasing, versions 12.5.0, 14.1.0-14.8.0	Oracle Financial Services Applications
Oracle Financial Services Liquidity Risk Management, version 8.0.6	Oracle Financial Services Liquidity Risk Management
Oracle Financial Services Loan Loss Forecasting and Provisioning, versions 8.0.6-8.0.8	Oracle Financial Services Loan Loss Forecasting and Provisioning
Oracle Financial Services Market Risk Measurement and Management, versions 8.0.6, 8.0.8	Oracle Financial Services Market Risk Measurement and Management
Oracle Financial Services Regulatory Reporting for De Nederlandsche Bank, version 8.0.4	Oracle Financial Services Regulatory Reporting for De Nederlandsche Bank
Oracle FLEXCUBE Investor Servicing, versions 12.1.0, 12.3.0, 12.4.0, 14.0.0, 14.1.0	Oracle Financial Services Applications
Oracle FLEXCUBE Private Banking, versions 12.0.0, 12.1.0	Oracle Financial Services Applications
Oracle Fusion Middleware MapViewer, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Global Lifecycle Management/OPatch, versions prior to 12.2.0.1.20	Global Lifecycle Management
Oracle GoldenGate, versions prior to 19.1.0.0.0	Database
Oracle GraalVM Enterprise Edition, versions 19.3.2, 20.1.0	Oracle GraalVM Enterprise Edition
Oracle Health Sciences Empirica Inspections, version 1.0.1.2	Health Sciences
Oracle Health Sciences Empirica Signal, version 7.3.3	Health Sciences
Oracle Healthcare Master Person Index, version 4.0.2	Health Sciences
Oracle Healthcare Translational Research, versions 3.2.1, 3.3.1, 3.3.2, 3.4.0	Health Sciences
Oracle Help Technologies, versions 11.1.1.9.0, 12.2.1.3.0	Fusion Middleware
Oracle Hospitality Guest Access, versions 4.2.0, 4.2.1	Oracle Hospitality Guest Access
Oracle Hospitality Reporting and Analytics, version 9.1.0	Oracle Hospitality Reporting and Analytics
Oracle Hyperion BI+, version 11.1.2.4	Fusion Middleware
Oracle iLearning, versions 6.1, 6.1.1	iLearning
Oracle Insurance Accounting Analyzer, versions 8.0.6-8.0.9	Oracle Insurance Accounting Analyzer
Oracle Insurance Data Gateway, version 1.0	Oracle Insurance Applications
Oracle Insurance Policy Administration J2EE, versions 10.2.0, 10.2.4, 11.0.2, 11.1.0, 11.2.0	Oracle Insurance Applications
Oracle Insurance Rules Palette, versions 10.2.0, 10.2.4, 11.0.2, 11.1.0, 11.2.0	Oracle Insurance Applications
Oracle Java SE, versions 7u261, 8u251, 11.0.7, 14.0.1	Java SE
Oracle Java SE Embedded, version 8u251	Java SE
Oracle Outside In Technology, versions 8.5.4, 8.5.5	Fusion Middleware
Oracle Rapid Planning, versions 12.1, 12.2	Oracle Supply Chain Products
Oracle Real User Experience Insight, version 13.3.1.0	Enterprise Manager
Oracle Retail Assortment Planning, versions 15.0, 15.0.3, 16.0, 16.0.3	Retail Applications
Oracle Retail Bulk Data Integration, versions 15.0, 16.0	Retail Applications
Oracle Retail Customer Management and Segmentation Foundation, version 18.0	Retail Applications
Oracle Retail Data Extractor for Merchandising, versions 1.9, 1.10, 18.0	Retail Applications
Oracle Retail Extract Transform and Load, version 19.0	Retail Applications
Oracle Retail Financial Integration, versions 15.0, 16.0	Retail Applications
Oracle Retail Fusion Platform, version 5.5	Retail Applications
Oracle Retail Integration Bus, versions 15.0, 15.0.3, 16.0, 16.0.3	Retail Applications
Oracle Retail Invoice Matching, version 16.0	Retail Applications
Oracle Retail Item Planning, version 15.0.3	Retail Applications
Oracle Retail Macro Space Optimization, version 15.0.3	Retail Applications
Oracle Retail Merchandise Financial Planning, version 15.0.3	Retail Applications
Oracle Retail Merchandising System, versions 15.0.3, 16.0.2, 16.0.3	Retail Applications
Oracle Retail Order Broker, version 15.0	Retail Applications
Oracle Retail Predictive Application Server, versions 14.0.3, 14.1.3, 15.0.3, 16.0.3	Retail Applications
Oracle Retail Regular Price Optimization, versions 15.0.3, 16.0.3	Retail Applications
Oracle Retail Replenishment Optimization, version 15.0.3	Retail Applications
Oracle Retail Sales Audit, version 14.1	Retail Applications
Oracle Retail Service Backbone, versions 14.1, 15.0, 16.0	Retail Applications
Oracle Retail Size Profile Optimization, version 15.0.3	Retail Applications
Oracle Retail Store Inventory Management, versions 14.0.4, 14.1.3, 15.0.3, 16.0.3	Retail Applications
Oracle Retail Xstore Point of Service, versions 7.1, 15.0, 16.0, 17.0, 18.0, 19.0	Retail Applications
Oracle SD-WAN Aware, version 8.2	Oracle SD-WAN Aware
Oracle SD-WAN Edge, versions 8.2, 9.0	Oracle SD-WAN Edge
Oracle Security Service, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Solaris, version 11	Systems
Oracle TimesTen In-Memory Database, versions prior to 18.1.2.1.0	Database
Oracle Transportation Management, versions 6.3.7, 6.4.3	Oracle Supply Chain Products
Oracle Unified Directory, versions 11.1.2.3.0, 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle Utilities Framework, versions 4.3.0.5.0, 4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0	Oracle Utilities Applications
Oracle VM VirtualBox, versions prior to 5.2.44, prior to 6.0.24, prior to 6.1.12	Virtualization
Oracle WebCenter Portal, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle WebCenter Sites, versions 12.2.1.3.0, 12.2.1.4.0	Fusion Middleware
Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0	Fusion Middleware
Oracle ZFS Storage Appliance Kit, version 8.8	Systems
PeopleSoft Enterprise FIN Expenses, version 9.2	PeopleSoft
PeopleSoft Enterprise HCM Global Payroll Switzerland, version 9.2	PeopleSoft
PeopleSoft Enterprise HRMS, version 9.2	PeopleSoft
PeopleSoft Enterprise PeopleTools, versions 8.56, 8.57, 8.58	PeopleSoft
Primavera Gateway, versions 16.2.0-16.2.11, 17.12.0-17.12.7, 18.8.0-18.8.9, 19.12.0-19.12.4	Oracle Construction and Engineering Suite
Primavera P6 Enterprise Project Portfolio Management, versions 16.1.0.0-16.2.20.1, 17.1.0.0-17.12.17.1, 18.1.0.0-18.8.19, 19.12.0-19.12.6	Oracle Construction and Engineering Suite
Primavera Portfolio Management, versions 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0, 19.0.0.0	Oracle Construction and Engineering Suite
Primavera Unifier, versions 16.1, 16.2, 17.7-17.12, 18.8, 19.12, [Mobile App] prior to 20.6	Oracle Construction and Engineering Suite
Siebel Applications, versions 2.20.5 and prior, 20.6 and prior	Siebel

声明

本安全公告仅用来描述可能存在的安全问题，海王捕鱼不为此安全公告提供任何保证或承诺。由于传播、利用此安全公告所提供的信息而造成的任何直接或者间接的后果及损失，均由使用者本人负责，海王捕鱼以及安全公告作者不为此承担任何责任。海王捕鱼拥有对此安全公告的修改和解释权。如欲转载或传播此安全公告，必须保证此安全公告的完整性，包括版权声明等全部内容。未经海王捕鱼允许，不得任意修改或者增减此安全公告内容，不得以任何方式将其用于商业目的。

关于海王捕鱼

海王捕鱼集团股份有限公司（简称海王捕鱼）成立于2000年4月，总部位于北京。在国内外设有30多个分支机构，为政府、运营商、金融、能源、互联网以及教育、医疗等行业用户，提供具有核心竞争力的安全产品及解决方案，帮助客户实现业务的安全顺畅运行。

基于多年的安全攻防研究，海王捕鱼在网络及终端安全、互联网基础安全、合规及安全管理等领域，为客户提供入侵检测/防护、抗拒绝服务攻击、远程安全评估以及Web安全防护等产品以及专业安全服务。

海王捕鱼集团股份有限公司于2014年1月29日起在深圳证券交易所创业板上市，股票简称：海王捕鱼，股票代码：300369。

<<上一篇

【安全通告】Adobe 7月安全更新

>>下一篇

【安全通告】微软发布7月补丁修复124个安全问题