MCNC Logo
10.18.2023

Oracle Remote Code Execution Vulnerabilities

Alert
  • facebook share link
  • twitter share link
  • linkedin share link
  • mail share link

Date of Notice: 10/18/2023

Action Level - Critical

Description

Oracle has released its October 2023 quarterly critical patches. Many products are impacted by these vulnerabilities that could permit an attacker remote code execution capabilities. Please review the impacted device list and prioritize patching affected software.

Affected Versions

  • BI Publisher, versions 6.4.0.0.0, 7.0.0.0.0, 12.2.1.4.0
  • GoldenGate Big Data, versions 21.3-21.10
  • GoldenGate Veridata, versions 12.2.1.4.0-12.2.1.4.230922
  • Hospitality OPERA 5 Property Services, version 5.6
  • JD Edwards EnterpriseOne Tools, version 9.2.7
  • Management Cloud Engine, version 23.1.0.0
  • MySQL Cluster, versions 8.0.34 and prior, 8.1.0
  • MySQL Connectors, versions 8.1.0 and prior
  • MySQL Enterprise Monitor, versions 8.0.35 and prior
  • MySQL Installer, versions prior to 1.6.8
  • MySQL Server, versions 5.7.43 and prior, 8.0.34 and prior, 8.1.0 and prior
  • MySQL Shell, versions 8.1.1 and prior
  • Oracle Access Manager, version 12.2.1.4.0
  • Oracle Agile PLM, version 9.3.6
  • Oracle Application Testing Suite, version 13.3.0.1
  • Oracle Banking APIs, versions 18.3, 19.1, 19.2, 21.1, 22.1, 22.2
  • Oracle Banking Branch, versions 14.5-14.7
  • Oracle Banking Cash Management, versions 14.5-14.7
  • Oracle Banking Corporate Lending, versions 14.0-14.3, 14.5-14.7
  • Oracle Banking Corporate Lending Process Management, versions 14.5-14.7
  • Oracle Banking Credit Facilities Process Management, versions 14.5-14.7
  • Oracle Banking Deposits and Lines of Credit Servicing, versions 2.7, 2.12
  • Oracle Banking Digital Experience, versions 18.3, 19.1, 19.2, 21.1, 22.1, 22.2
  • Oracle Banking Electronic Data Exchange for Corporates, versions 14.5-14.7
  • Oracle Banking Liquidity Management, versions 14.5-14.7
  • Oracle Banking Loans Servicing, version 2.12
  • Oracle Banking Origination, versions 14.5-14.7
  • Oracle Banking Party Management, version 2.7
  • Oracle Banking Payments, versions 14.0-14.3, 14.5-14.7
  • Oracle Banking Platform, versions 2.6.2, 2.9.0
  • Oracle Banking Supply Chain Finance, versions 14.5-14.7
  • Oracle Banking Trade Finance, versions 14.5-14.7
  • Oracle Banking Trade Finance Process Management, versions 14.5-14.7
  • Oracle Banking Virtual Account Management, versions 14.5-14.7
  • Oracle Big Data Spatial and Graph, versions 2.5 and prior
  • Oracle Business Intelligence Enterprise Edition, versions 6.4.0.0.0, 7.0.0.0.0, 12.2.1.4.0
  • Oracle Business Process Management Suite, version 12.2.1.4.0
  • Oracle Coherence, versions 12.2.1.4.0, 14.1.1.0.0
  • Oracle Commerce Guided Search, version 11.3.2
  • Oracle Communications BRM - Elastic Charging Engine, versions 12.0.0.4-12.0.0.8
  • Oracle Communications Cloud Native Core Binding Support Function, versions 23.1.0-23.1.8, 23.2.0-23.2.4
  • Oracle Communications Cloud Native Core Console, versions 23.1.1, 23.1.2, 23.2.1
  • Oracle Communications Cloud Native Core Network Exposure Function, versions 23.1.3, 23.3.0
  • Oracle Communications Cloud Native Core Network Function Cloud Native Environment, versions 23.2.0, 23.2.2
  • Oracle Communications Cloud Native Core Network Repository Function, versions 23.1.3, 23.2.1, 23.3.0
  • Oracle Communications Cloud Native Core Policy, versions 23.1.0-23.1.8, 23.2.0-23.2.4
  • Oracle Communications Cloud Native Core Security Edge Protection Proxy, versions 23.1.0, 23.1.3, 23.3.0
  • Oracle Communications Cloud Native Core Unified Data Repository, version 23.1.2
  • Oracle Communications Convergent Charging Controller, version 12.0.6.0
  • Oracle Communications Diameter Signaling Router, versions 8.6.0.0, 9.0.0.0
  • Oracle Communications Element Manager, versions 9.0.0-9.0.2
  • Oracle Communications IP Service Activator, versions 7.4.0, 7.5.0
  • Oracle Communications MetaSolv Solution, version 6.3.1.0.0
  • Oracle Communications Network Analytics Data Director, version 23.2.0
  • Oracle Communications Network Charging and Control, version 12.0.6.0
  • Oracle Communications Order and Service Management, versions 7.4.0, 7.4.1
  • Oracle Communications Policy Management, version 12.6.0.0
  • Oracle Communications Session Report Manager, versions 9.0.0-9.0.2
  • Oracle Communications Unified Assurance, versions 5.5.0-5.5.17, 6.0.0-6.0.3
  • Oracle Communications WebRTC Session Controller, versions 7.2.0.0.0, 7.2.1.0.0
  • Oracle Data Integrator, version 12.2.1.4.0
  • Oracle Database Server, versions 19.3-19.20, 21.3-21.11
  • Oracle Documaker, versions 12.6.4-12.7.1
  • Oracle E-Business Suite, versions 12.2.3-12.2.12, [ECC] 8, [ECC] 9, [ECC] 10
  • Oracle Enterprise Communications Broker, versions 3.3, 4.0, 4.1
  • Oracle Enterprise Data Quality, version 12.2.1.4.0
  • Oracle Enterprise Manager Base Platform, version 13.5.0.0
  • Oracle Enterprise Manager for Peoplesoft, version 13.5.1.1
  • Oracle Enterprise Manager Ops Center, version 12.4.0.0
  • Oracle Enterprise Operations Monitor, versions 5.0, 5.1
  • Oracle Enterprise Session Border Controller, versions 9.0-9.2
  • Oracle Essbase, version 21.5.0.0.0
  • Oracle Financial Services Cash Flow Engine, version 8.1.2.0.0
  • Oracle Financial Services Model Management and Governance, versions 8.1.2.3, 8.1.2.4
  • Oracle FLEXCUBE Core Banking, versions 11.6-11.8, 11.10, 11.11
  • Oracle FLEXCUBE Enterprise Limits and Collateral Management, versions 12.3, 12.4, 14.0-14.3, 14.5-14.7
  • Oracle FLEXCUBE Universal Banking, versions 12.3, 12.4, 14.0-14.3, 14.5-14.7
  • Oracle Fusion Middleware MapViewer, version 12.2.1.4.0
  • Oracle Global Lifecycle Management OPatch, versions prior to 12.2.0.1.40
  • Oracle GoldenGate Studio, version 12.2.1.4.0
  • Oracle GraalVM for JDK, versions 17.0.8, 20.0.2
  • Oracle Graph Server and Client, versions 22.4.4 and prior
  • Oracle Healthcare Master Person Index, versions 5.0.0-5.0.6
  • Oracle HTTP Server, version 12.2.1.4.0
  • Oracle Hyperion Infrastructure Technology, version 11.2.14.0.0
  • Oracle Identity Manager, version 12.2.1.4.0
  • Oracle Java SE, versions 8u381, 8u381-perf, 11.0.20, 17.0.8, 20.0.2
  • Oracle Life Sciences InForm, version 7.0.0.0
  • Oracle Life Sciences InForm Publisher, version 6.3.1.0
  • Oracle Managed File Transfer, version 12.2.1.4.0
  • Oracle Middleware Common Libraries and Tools, version 12.2.1.4.0
  • Oracle Outside In Technology, version 8.5.6
  • Oracle REST Data Services, versions prior to 23.2.2
  • Oracle Retail Bulk Data Integration, versions 16.0.3, 19.0.1
  • Oracle Retail Customer Management and Segmentation Foundation, versions 18.0.0.13, 19.0.0.7
  • Oracle Retail EFTLink, versions 20.0.1, 21.0.0, 22.0.0
  • Oracle Retail Financial Integration, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1
  • Oracle Retail Fiscal Management, version 14.2
  • Oracle Retail Integration Bus, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1
  • Oracle Retail Merchandising System, version 19.0.1
  • Oracle Retail Service Backbone, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1
  • Oracle Retail Xstore Point of Service, versions 18.0.5, 19.0.4, 20.0.3, 21.0.2, 22.0.0
  • Oracle SD-WAN Edge, versions 9.1.1.5.0, 9.1.1.6.0
  • Oracle Secure Backup, versions 18.1.0.1.0, 18.1.0.2.0
  • Oracle Service Bus, version 12.2.1.4.0
  • Oracle SOA Suite, version 12.2.1.4.0
  • Oracle Solaris, versions 10, 11
  • Oracle Unified Directory, version 12.2.1.4.0
  • Oracle Utilities Application Framework, versions 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0, 4.5.0.0.1, 4.5.0.1.0-4.5.0.1.2
  • Oracle Utilities Network Management System, versions 2.3.0.2, 2.4.0.1
  • Oracle VM VirtualBox, versions prior to 7.0.12
  • Oracle WebCenter Content, version 12.2.1.4.0
  • Oracle WebCenter Portal, version 12.2.1.4.0
  • Oracle WebLogic Server, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
  • PeopleSoft Enterprise CC Common Application Objects, version 9.2
  • PeopleSoft Enterprise HCM Global Payroll Switzerland, version 9.2
  • PeopleSoft Enterprise PeopleTools, versions 8.59, 8.60
  • Primavera Gateway, versions 19.12.0-19.12.17, 20.12.0-20.12.12, 21.12.0-21.12.10
  • Primavera Unifier, versions 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.16, 22.12.0-22.12.9
  • Siebel Applications, versions 23.8 and prior
  • Sun ZFS Storage Appliance, version 8.8.60
  • TimesTen In-Memory Database, versions prior to 18.1.4.38.0, prior to 18.1.4.39.0, prior to 22.1.1.18.0

Attack Vector

Varies based on product.

Attack Feasibility 

Varies based on product.

Remediation

Apply patches per vendor guidance.

Vendor Resources

Oracle Security Alert

<-- Return to Cybersecurity Alerts...

MCNC
PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
Connect With Us
  • linkedin
  • instagram
  • x
  • facebook
  • youtube
© 2024 MCNC