Lucene search

K
oracleOracleORACLE:CPUJAN2021
HistoryJan 19, 2021 - 12:00 a.m.

Oracle Critical Patch Update Advisory - January 2021

2021-01-1900:00:00
www.oracle.com
188
oracle
critical patch update
security vulnerabilities
patches
malicious exploitation

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

Low

EPSS

0.975

Percentile

100.0%

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Refer to “Critical Patch Updates, Security Alerts and Bulletins” for information about Oracle Security advisories.

Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.

This Critical Patch Update contains 329 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at January 2021 Critical Patch Update: Executive Summary and Analysis.

Please note that since the release of the October 2020 Critical Patch Update, Oracle has released a Security Alert for Oracle WebLogic Server:CVE-2020-14750 (November 1, 2020). Customers are strongly advised to apply this Critical Patch Update, which includes patches for this Alert as well as additional patches.

Affected configurations

Vulners
Node
oraclecommunications_calendar_serverRange8.0.0.4.0
OR
oraclecommunications_contacts_serverRange8.0.0.5.0
OR
oraclecommunications_metasolv_solutionRange6.3.0
OR
oraclecommunications_network_charging_and_controlRange6.0.1
OR
oraclecommunications_network_charging_and_controlRange12.0.2
OR
oraclecommunications_brm_-_elastic_charging_engineRange11.3.0.9
OR
oraclecommunications_brm_-_elastic_charging_engineRange12.0.0.3
OR
oraclecommunications_asapRange7.3
OR
oraclecommunications_operations_monitorRange3.4
OR
oraclecommunications_operations_monitorRange4.2
OR
oraclecommunications_operations_monitorRange4.3
OR
oraclecommunications_operations_monitorRange4.1
OR
oraclecommunications_diameter_signaling_router_\(dsr\)Range8.0.0
OR
oraclecommunications_application_session_controllerRange3.9m0p2
OR
oraclecommunications_element_managerRange8.2.1.0
OR
oracleenterprise_communications_brokerRange3.1
OR
oracleenterprise_communications_brokerRange3.2
OR
oraclesd-wan_edgeRange9.0
OR
oraclecommunications_session_report_managerRange8.2.1.0
OR
oraclecommunications_performance_intelligence_centerRange10.4.0.2
OR
oracleprimavera_unifierRange17.7
OR
oracleprimavera_unifierRange20.12
OR
oracleprimavera_unifierRange16.1
OR
oracleprimavera_unifierRange19.12
OR
oracleprimavera_unifierRange18.8
OR
oracleprimavera_unifierRange16.2
OR
oracleinstantis_enterprisetrackRange17.1
OR
oracleprimavera_gatewayRange16.2.0
OR
oracleprimavera_gatewayRange19.12.0
OR
oracleprimavera_gatewayRange17.12.0
OR
oracleprimavera_gatewayRange18.8.0
OR
oracleprimavera_p6_enterprise_project_portfolio_managementRange19.12.0
OR
oracleprimavera_p6_enterprise_project_portfolio_managementRange17.1.0
OR
oracleprimavera_p6_enterprise_project_portfolio_managementRange18.1.0
OR
oracleprimavera_p6_enterprise_project_portfolio_managementRange16.1.0
OR
oraclescriptingRange12.2.3
OR
oraclescriptingRange12.1.1
OR
oracleone-to-one_fulfillmentRange12.2.3
OR
oracleone-to-one_fulfillmentRange12.1.1
OR
oraclecommon_applicationsRange12.2.3
OR
oraclecommon_applicationsRange12.1.1
OR
oraclecommon_applications_calendarRange12.2.3
OR
oraclecommon_applications_calendarRange12.1.1
OR
oraclecrm_technical_foundationRange12.2.3
OR
oraclecrm_technical_foundationRange12.1.3
OR
oraclecustomer_interaction_historyRange12.2.3
OR
oraclecustomer_interaction_historyRange12.1.1
OR
oracleemail_centerRange12.2.3
OR
oracleemail_centerRange12.1.1
OR
oracleistoreRange12.2.3
OR
oracleistoreRange12.1.1
OR
oracleisupportRange12.2.3
OR
oracleisupportRange12.1.1
OR
oraclemarketingRange12.2.3
OR
oraclemarketingRange12.1.1
OR
oracleworkflowRange12.2.3
OR
oracleinstalled_baseRange12.2.3
OR
oracleinstalled_baseRange12.1.1
OR
oracleuser_managementRange12.2.3
OR
oracleuser_managementRange12.1.3
OR
oracleenterprise_manager_base_platformRange13.3.0.0
OR
oracleenterprise_manager_base_platformRange13.2.1.0
OR
oracleenterprise_manager_base_platformRange13.4.0.0
OR
oracleenterprise_manager_ops_centerRange12.4.0.0
OR
oracleapplication_testing_suiteRange13.3.0.1
OR
oracleenterprise_manager_for_fusion_applicationsRange13.3.0.0
OR
oraclebanking_corporate_lending_process_managementRange14.1.0
OR
oraclebanking_corporate_lending_process_managementRange14.4.0
OR
oraclebanking_corporate_lending_process_managementRange14.3.0
OR
oraclebanking_credit_facilities_process_managementRange14.1.0
OR
oraclebanking_credit_facilities_process_managementRange14.4.0
OR
oraclebanking_credit_facilities_process_managementRange14.3.0
OR
oraclebanking_extensibility_workbenchRange14.4.0
OR
oraclebanking_extensibility_workbenchRange14.3.0
OR
oraclebanking_liquidity_managementRange14.0.0
OR
oraclebanking_paymentsRange14.4.0
OR
oraclebanking_supply_chain_financeRange14.2.0
OR
oraclebanking_trade_finance_process_managementRange14.1.0
OR
oraclebanking_trade_finance_process_managementRange14.4.0
OR
oraclebanking_trade_finance_process_managementRange14.3.0
OR
oraclebanking_virtual_account_managementRange14.1.0
OR
oraclebanking_virtual_account_managementRange14.4.0
OR
oraclebanking_virtual_account_managementRange14.3.0
OR
oraclefinancial_services_analytical_applications_infrastructureRange8.0.6
OR
oraclefinancial_services_data_integration_hubRange8.0.6
OR
oraclefinancial_services_data_integration_hubRange8.0.3
OR
oraclefinancial_services_market_risk_measurement_and_managementRange8.0.6
OR
oracleflexcube_universal_bankingRange14.4.0
OR
oracleflexcube_core_bankingRange11.5.0
OR
oraclebanking_platformRange2.8.0
OR
oraclebanking_platformRange2.9.0
OR
oraclebanking_platformRange2.7.0
OR
oraclebanking_platformRange2.7.1
OR
oraclebanking_platformRange2.4.1
OR
oraclebanking_platformRange2.4.0
OR
oraclebanking_platformRange2.6.2
OR
oraclefinancial_services_asset_liability_managementRange8.0.7
OR
oraclefinancial_services_asset_liability_managementRange8.1.0
OR
oraclefinancial_services_funds_transfer_pricingRange8.0.7
OR
oraclefinancial_services_funds_transfer_pricingRange8.1.0
OR
oraclefinancial_services_funds_transfer_pricingRange8.0.6
OR
oraclefinancial_services_profitability_managementRange8.0.7
OR
oraclefinancial_services_profitability_managementRange8.1.0
OR
oraclefinancial_services_profitability_managementRange8.0.6
OR
oracleinsurance_allocation_manager_for_enterprise_profitabilityRange8.1.0
OR
oraclefinancial_services_revenue_management_and_billingRange2.9.0.0
OR
oraclefinancial_services_revenue_management_and_billingRange2.9.0.1
OR
oraclehospitality_simphonyRange19.1.3
OR
oraclehospitality_simphonyRange18.2.7.2
OR
oraclehospitality_reporting_and_analyticsRange9.1.0
OR
oraclebusiness_activity_monitoringRange12.2.1.3.0
OR
oraclebusiness_activity_monitoringRange11.1.1.9.0
OR
oraclebusiness_process_management_suiteRange12.2.1.3.0
OR
oraclebusiness_process_management_suiteRange12.2.1.4.0
OR
oraclecoherenceRange12.1.3.0.0
OR
oraclecoherenceRange12.2.1.3.0
OR
oraclecoherenceRange12.2.1.4.0
OR
oraclecoherenceRange3.7.1.0
OR
oraclecoherenceRange14.1.1.0.0
OR
oracledata_integratorRange12.2.1.3.0
OR
oracledata_integratorRange12.2.1.4.0
OR
oracledata_integratorRange11.1.1.9.0
OR
oracleenterprise_data_qualityRange12.2.1.3.0
OR
oracleenterprise_data_qualityRange11.1.1.9.0
OR
oracleenterprise_repositoryRange11.1.1.7.0
OR
oraclewebcenter_portalRange12.2.1.3.0
OR
oraclewebcenter_portalRange12.2.1.4.0
OR
oraclewebcenter_portalRange11.1.1.9.0
OR
oracleweblogic_serverRange12.1.3.0.0
OR
oracleweblogic_serverRange10.3.6.0.0
OR
oracleweblogic_serverRange12.2.1.3.0
OR
oracleweblogic_serverRange12.2.1.4.0
OR
oracleweblogic_serverRange14.1.1.0.0
OR
oraclereal-time_decision_serverRange3.2.1.0
OR
oracleendeca_information_discovery_integratorRange3.2.0.0
OR
oracleoutside_in_technologyRange8.5.5
OR
oracleoutside_in_technologyRange8.5.4
OR
oraclebusiness_intelligence_enterprise_editionRange12.2.1.3.0
OR
oraclebusiness_intelligence_enterprise_editionRange5.5.0.0.0
OR
oraclebusiness_intelligence_enterprise_editionRange12.2.1.4.0
OR
oraclebusiness_intelligence_enterprise_editionRange11.1.1.9.0
OR
oraclebi_publisherRange12.2.1.3.0
OR
oraclebi_publisherRange5.5.0.0.0
OR
oraclebi_publisherRange12.2.1.4.0
OR
oraclebi_publisherRange11.1.1.9.0
OR
oraclemanaged_file_transferRange12.2.1.3.0
OR
oraclemanaged_file_transferRange12.2.1.4.0
OR
oraclefusion_middleware_mapviewerRange12.2.1.3.0
OR
oracleadaptive_access_managerRange11.1.2.3.0
OR
oraclegoldengate_application_adaptersRange19.1.0.0.0
OR
oraclewebcenter_sitesRange12.2.1.3.0
OR
oraclewebcenter_sitesRange12.2.1.4.0
OR
oraclebusiness_intelligenceRange12.2.1.3.0enterprise
OR
oraclebusiness_intelligenceRange5.5.0.0.0enterprise
OR
oraclebusiness_intelligenceRange12.2.1.4.0enterprise
OR
oraclebusiness_intelligenceRange11.1.1.9.0enterprise
OR
oraclegraalvm_enterprise_editionRange20.3.0
OR
oraclegraalvm_enterprise_editionRange19.3.4
OR
oraclehealth_sciences_information_managerRange3.0.1
OR
oraclehealthcare_master_person_indexRange4.0.2.5
OR
oracleargus_safetyRange8.2.2
OR
oraclehyperion_infrastructure_technologyRange11.1.2.4
OR
oraclehyperion_financial_reportingRange11.1.2.4
OR
oracleinsurance_policy_administrationRange10.2.0
OR
oracleinsurance_policy_administrationRange10.2.4
OR
oracleinsurance_policy_administrationRange11.0.2
OR
oracleinsurance_policy_administrationRange11.1.0
OR
oracleinsurance_rules_paletteRange10.2.0
OR
oracleinsurance_rules_paletteRange10.2.4
OR
oracleinsurance_rules_paletteRange11.0.2
OR
oracleinsurance_rules_paletteRange11.1.0
OR
oracleinsurance_insbridge_rating_and_underwritingRange5.1.1.03
OR
oracleinsurance_insbridge_rating_and_underwritingRange5.0.0.20
OR
sunjava_seRange7u281
OR
sunjava_seRange8u271
OR
oraclejd_edwards_enterpriseone_toolsRange9.2.5.0
OR
oraclejd_edwards_enterpriseone_orchestratorRange9.2.5.0
OR
oraclejd_edwards_enterpriseone_orchestratorRange9.2.5.1
OR
oraclemysql_workbenchRange8.0.22
OR
oraclemysql_enterprise_monitorRange8.0.22
OR
mysqlmysql_serverRange5.7.32
OR
mysqlmysql_serverRange8.0.20
OR
mysqlmysql_serverRange8.0.19
OR
mysqlmysql_serverRange8.0.22
OR
mysqlmysql_serverRange5.6.50
OR
mysqlmysql_serverRange8.0.17
OR
mysqlmysql_serverRange8.0.21
OR
mysqlmysql_serverRange5.7.30
OR
-mysql_clientRange5.7.32
OR
-mysql_clientRange8.0.19
OR
-mysql_clientRange8.0.22
OR
-mysql_clientRange5.6.50
OR
-mysql_clientRange5.6.47
OR
-mysql_clientRange5.7.29
OR
oraclepeoplesoft_enterprise_peopletoolsRange8.56
OR
oraclepeoplesoft_enterprise_peopletoolsRange8.57
OR
oraclepeoplesoft_enterprise_peopletoolsRange8.58
OR
oraclepeoplesoft_enterprise_human_capital_management_human_resourcesRange9.2
OR
oraclepeoplesoft_enterprise_fin_payablesRange9.2
OR
oracleretail_customer_management_and_segmentation_foundationRange19.0
OR
oracleretail_customer_management_and_segmentation_foundationRange17.0
OR
oracleretail_customer_management_and_segmentation_foundationRange18.0
OR
oracleretail_customer_management_and_segmentation_foundationRange16.0
OR
oracleretail_merchandising_systemRange15.0
OR
oracleretail_sales_auditRange14.1
OR
oracleretail_extract_transform_and_loadRange13.2.5
OR
oracleretail_extract_transform_and_loadRange13.2.8
OR
oracleretail_order_brokerRange15.0
OR
oracleretail_order_brokerRange16.0
OR
oracleretail_invoice_matchingRange13.2
OR
oracleretail_invoice_matchingRange14.1
OR
oracleretail_invoice_matchingRange14.0
OR
oracleretail_bulk_data_integrationRange15.0.3
OR
oracleretail_bulk_data_integrationRange16.0.3
OR
oracleretail_financial_integrationRange16.0.3
OR
oracleretail_financial_integrationRange14.1.3
OR
oracleretail_financial_integrationRange15.0.3
OR
oracleretail_integration_busRange16.0.3
OR
oracleretail_integration_busRange14.1.3
OR
oracleretail_integration_busRange15.0.3
OR
oracleretail_service_backboneRange16.0.3
OR
oracleretail_service_backboneRange14.1.3
OR
oracleretail_service_backboneRange15.0.3
OR
oracleretail_store_inventory_managementRange16.0.3.0
OR
oracleretail_store_inventory_managementRange14.1.3.9
OR
oracleretail_store_inventory_managementRange14.0.4.0
OR
oracleretail_store_inventory_managementRange15.0.3.0
OR
oracleretail_store_inventory_managementRange14.1.3.0
OR
oracleretail_assortment_planningRange16.0.3
OR
oracleretail_order_broker_cloud_serviceRange15.0
OR
oraclesiebel_core-server_frameworkRange20.12
OR
oraclesiebel_ui_frameworkRange20.12
OR
oraclesiebel_mobileRange20.12
OR
oracleserver_bizlogic_scriptRange20.12
OR
oraclecomplex_maintenance\,_repair\,_and_overhaulRange11.5.10
OR
oraclecomplex_maintenance\,_repair\,_and_overhaulRange12.2
OR
oraclecomplex_maintenance\,_repair\,_and_overhaulRange12.1
OR
oracleconfiguratorRange12.2
OR
oracleconfiguratorRange12.1
OR
oracleagile_plmRange9.3.5
OR
oracleagile_plmRange9.3.6
OR
oracleagile_engineering_data_managementRange6.2.1.0
OR
oracleagile_product_lifecycle_management_for_processRange6.1
OR
oracletransportation_managementRange1.4.3
OR
oraclezfs_storage_appliance_kitRange8.8
OR
oraclestoragetek_tape_analytics_sw_toolRange2.3.1
OR
oracleutilities_frameworkRange4.2.0.3.0
OR
oracleutilities_frameworkRange4.4.0.0.0
OR
oracleutilities_frameworkRange4.2.0.2.0
OR
oracleutilities_frameworkRange4.4.0.2.0
OR
oracleutilities_frameworkRange4.3.0.1.0
OR
oraclevm_virtualboxRange6.1.18
VendorProductVersionCPE
oraclecommunications_calendar_server*cpe:2.3:a:oracle:communications_calendar_server:*:*:*:*:*:*:*:*
oraclecommunications_contacts_server*cpe:2.3:a:oracle:communications_contacts_server:*:*:*:*:*:*:*:*
oraclecommunications_metasolv_solution*cpe:2.3:a:oracle:communications_metasolv_solution:*:*:*:*:*:*:*:*
oraclecommunications_network_charging_and_control*cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
oraclecommunications_brm_-_elastic_charging_engine*cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
oraclecommunications_asap*cpe:2.3:a:oracle:communications_asap:*:*:*:*:*:*:*:*
oraclecommunications_operations_monitor*cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:*
oraclecommunications_diameter_signaling_router_\(dsr\)*cpe:2.3:a:oracle:communications_diameter_signaling_router_\(dsr\):*:*:*:*:*:*:*:*
oraclecommunications_application_session_controller*cpe:2.3:a:oracle:communications_application_session_controller:*:*:*:*:*:*:*:*
oraclecommunications_element_manager*cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
Rows per page:
1-10 of 1211

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

Low

EPSS

0.975

Percentile

100.0%