Cyber999 Advisories

24 July 2024     Advisory

MA-1107.072024: MyCERT Advisory - Oracle Releases Critical Patch Update Advisory for July 2024


1.0 Introduction
Recently, Oracle released its quarterly Critical Patch Update Advisory for July 2024 to address vulnerabilities in multiple products.

2.0 Impact
A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

3.0 Affected Products
Please click on the links in the Patch Availability Document column below to access the documentation for patch availability information and installation instructions.

| Affected Products and Versions | Patch Availability Document |
| --- | --- |
| JD Edwards EnterpriseOne Orchestrator, versions prior to 9.2.8.3 | JD Edwards |
| JD Edwards EnterpriseOne Tools, versions prior to 9.2.8.2 | JD Edwards |
| JD Edwards World Security, version A9.4 | JD Edwards |
| Management Pack for Oracle GoldenGate, version 12.2.1.2 | Database |
| MySQL Cluster, versions 7.5.34 and prior, 7.6.30 and prior, 8.0.37 and prior, 8.1.0 and prior, 8.3.0 and prior, 8.4.0 and prior | MySQL |
| MySQL Connectors, versions 8.4.0 and prior | MySQL |
| MySQL Enterprise Monitor, versions 8.0.38 and prior | MySQL |
| MySQL Server, versions 8.0.37 and prior, 8.0.38, 8.2.0 and prior, 8.3.0 and prior, 8.4.0 and prior, 8.4.1, 9.0.0 | MySQL |
| MySQL Workbench, versions 8.0.36 and prior | MySQL |
| Oracle Access Manager, version 12.2.1.4.0 | Fusion Middleware |
| Oracle Agile Engineering Data Management, versions 6.2.1.0-6.2.1.9 | Oracle Supply Chain Products |
| Oracle Analytics Desktop, versions prior to 7.7.0, prior to 7.8.0 | Oracle Analytics |
| Oracle Application Express, version 23.2 | Database |
| Oracle Application Testing Suite, version 13.3.0.1 | Oracle Enterprise Manager |
| Oracle Autovue for Agile Product Lifecycle Management, version 21.0.2 | Oracle Supply Chain Products |
| Oracle Banking Branch, versions 14.4.0.0.0, 14.5.0.0.0, 14.6.0.0.0, 14.7.0.0.0 | Contact Support |
| Oracle Banking Cash Management, versions 14.4.0.0.0, 14.5.0.0.0, 14.6.0.0.0, 14.7.0.0.0 | Contact Support |
| Oracle Banking Corporate Lending Process Management, versions 14.4.0.0.0, 14.5.0.0.0, 14.6.0.0.0, 14.7.0.0.0 | Contact Support |
| Oracle Banking Credit Facilities Process Management, versions 14.5.0.0.0, 14.6.0.0.0, 14.7.0.0.0 | Contact Support |
| Oracle Banking Deposits and Lines of Credit Servicing, version 2.12.0.0.0 | Oracle Banking Deposits and Lines of Credit Servicing |
| Oracle Banking Liquidity Management, versions 14.5.0.0.0, 14.6.0.0.0, 14.7.0.0.0 | Contact Support |
| Oracle Banking Origination, versions 14.5.0.0.0, 14.6.0.0.0, 14.7.0.0.0 | Contact Support |
| Oracle Banking Party Management, version 2.7.0.0.0 | Oracle Banking Platform |
| Oracle Banking Platform, version 2.4.0.0.0 | Oracle Banking Platform |
| Oracle Banking Virtual Account Management, versions 14.5.0.0.0, 14.6.0.0.0, 14.7.0.0.0 | Contact Support |
| Oracle Big Data Spatial and Graph, version 3.0.6 | Database |
| Oracle Business Activity Monitoring, version 12.2.1.4.0 | Fusion Middleware |
| Oracle Business Intelligence Enterprise Edition, versions 7.0.0.0.0, 7.6.0.0.0, 12.2.1.4.0 | Oracle Analytics |
| Oracle Coherence, versions 12.2.1.4.0, 14.1.1.0.0 | Fusion Middleware |
| Oracle Commerce Guided Search, version 11.3.2 | Oracle Commerce |
| Oracle Commerce Platform, versions 11.3.0, 11.3.1, 11.3.2 | Oracle Commerce |
| Oracle Communications ASAP, version 7.4 | Oracle Communications ASAP |
| Oracle Communications Billing and Revenue Management, versions 12.0.0.4.0-12.0.0.8.0, 15.0.0.0.0 | Oracle Communications Billing and Revenue Management |
| Oracle Communications BRM - Elastic Charging Engine, versions 12.0.0.4-12.0.0.8, 15.0.0.0 | Oracle Communications BRM - Elastic Charging Engine |
| Oracle Communications Cloud Native Core Automated Test Suite, versions 23.1.0, 23.4.0 | Oracle Communications Cloud Native Core Automated Test Suite |
| Oracle Communications Cloud Native Core Binding Support Function, versions 23.4.0-23.4.3 | Oracle Communications Cloud Native Core Binding Support Function |
| Oracle Communications Cloud Native Core Console, versions 23.4.0, 23.4.1 | Oracle Communications Cloud Native Core Console |
| Oracle Communications Cloud Native Core Network Data Analytics Function, version 24.2.0 | Oracle Communications Cloud Native Core Network Data Analytics Function |
| Oracle Communications Cloud Native Core Network Exposure Function, version 23.4.3 | Oracle Communications Cloud Native Core Network Exposure Function |
| Oracle Communications Cloud Native Core Network Function Cloud Native Environment, versions 23.4.0, 24.1.0 | Oracle Communications Cloud Native Core Network Function Cloud Native Environment |
| Oracle Communications Cloud Native Core Network Repository Function, version 23.4.2 | Oracle Communications Cloud Native Core Network Repository Function |
| Oracle Communications Cloud Native Core Policy, versions 23.4.0-23.4.4 | Oracle Communications Cloud Native Core Policy |
| Oracle Communications Cloud Native Core Security Edge Protection Proxy, versions 23.4.0, 24.1.0 | Oracle Communications Cloud Native Core Security Edge Protection Proxy |
| Oracle Communications Cloud Native Core Service Communication Proxy, versions 23.4.0, 23.4.1, 23.4.2, 24.1.0 | Oracle Communications Cloud Native Core Service Communication Proxy |
| Oracle Communications Cloud Native Core Unified Data Repository, versions 23.4.1, 23.4.2 | Oracle Communications Cloud Native Core Unified Data Repository |
| Oracle Communications Converged Charging System, versions 2.0.0.0.0, 2.0.0.1.0 | Oracle Communications Converged Charging System |
| Oracle Communications Convergent Charging Controller, versions 6.0.1.0.0, 12.0.1.0.0-12.0.6.0.0, 15.0.0.0.0 | Oracle Communications Convergent Charging Controller |
| Oracle Communications Diameter Signaling Router, versions 8.6.0.4-8.6.0.8 | Oracle Communications Diameter Signaling Router |
| Oracle Communications EAGLE Element Management System, versions 46.6.4, 46.6.5 | Oracle Communications EAGLE Element Management System |
| Oracle Communications Element Manager, versions 9.0.0-9.0.3 | Oracle Communications Element Manager |
| Oracle Communications Network Analytics Data Director, versions 23.4.0, 24.1.0 | Oracle Communications Network Analytics Data Director |
| Oracle Communications Network Charging and Control, versions 6.0.1.0.0, 12.0.1.0.0-12.0.6.0.0, 15.0.0.0.0 | Oracle Communications Network Charging and Control |
| Oracle Communications Operations Monitor, versions 5.1, 5.2 | Oracle Communications Operations Monitor |
| Oracle Communications Performance Intelligence, version 10.5 | Oracle Communications Performance Intelligence Center (PIC) Software |
| Oracle Communications Policy Management, versions 12.6.1.0.0, 15.0.0.0.0 | Oracle Communications Policy Management |
| Oracle Communications Pricing Design Center, versions 12.0.0.4.0-12.0.0.8.0, 15.0.0.0.0 | Oracle Communications Pricing Design Center |
| Oracle Communications Service Catalog and Design, versions 7.4.0-7.4.2, 8.0.0 | Oracle Communications Service Catalog and Design |
| Oracle Communications Session Border Controller, versions 4.1.0, 4.2.0, 9.2.0, 9.3.0 | Oracle Communications Session Border Controller |
| Oracle Communications Session Report Manager, versions 9.0.0-9.0.3 | Oracle Communications Session Report Manager |
| Oracle Communications Unified Assurance, versions 5.5.0-5.5.21, 6.0.0-6.0.4 | Oracle Communications Unified Assurance |
| Oracle Communications Unified Inventory Management, versions 7.4.1, 7.4.2 | Oracle Communications Unified Inventory Management |
| Oracle Communications User Data Repository, versions 12.11.0, 12.11.3, 12.11.4 | Oracle Communications User Data Repository |
| Oracle Data Integrator, version 12.2.1.4.0 | Fusion Middleware |
| Oracle Database Server, versions 19.3-19.23, 21.3-21.14, 23.4 | Database |
| Oracle Documaker, versions 12.6.4, 12.7.1 | Oracle Insurance Applications |
| Oracle E-Business Suite, versions 12.2.3-12.2.13 | Oracle E-Business Suite |
| Oracle Enterprise Data Quality, version 12.2.1.4.0 | Fusion Middleware |
| Oracle Enterprise Manager Base Platform, version 13.5.0.0 | Oracle Enterprise Manager |
| Oracle Essbase, version 21.5.6 | Database |
| Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.7, 8.0.8, 8.1.1, 8.1.2 | Oracle Financial Services Analytical Applications Infrastructure |
| Oracle Financial Services Basel Regulatory Capital Basic, versions 8.0.7.3, 8.0.8.3 | Oracle Financial Services Basel Regulatory Capital Basic |
| Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach, versions 8.0.7.3, 8.0.8.3 | Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach |
| Oracle Financial Services Behavior Detection Platform, versions 8.0.8.1, 8.1.1.1, 8.1.2.6, 8.1.2.7 | Oracle Financial Services Behavior Detection Platform |
| Oracle Financial Services Compliance Studio, versions 8.1.2.6, 8.1.2.7 | Oracle Financial Services Compliance Studio |
| Oracle Financial Services Enterprise Case Management, versions 8.0.8.2.8, 8.1.1.1.18, 8.1.2.6.4, 8.1.2.7.3 | Oracle Financial Services Enterprise Case Management |
| Oracle Financial Services Model Management and Governance, versions 8.1.2.5, 8.1.2.6 | Oracle Financial Services Model Management and Governance |
| Oracle Financial Services Revenue Management and Billing, versions 6.0.0.0.0, 6.1.0.0.0 | Oracle Financial Services Revenue Management and Billing |
| Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition, version 8.0.8.0 | Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition |
| Oracle FLEXCUBE Investor Servicing, versions 14.5.0.0.0, 14.7.0.0.0 | Contact Support |
| Oracle FLEXCUBE Universal Banking, versions 14.5.0.0.0, 14.6.0.0.0, 14.7.0.0.0 | Contact Support |
| Oracle Fusion Middleware, version 12.2.1.4.0 | Fusion Middleware |
| Oracle Global Lifecycle Management NextGen OUI Framework, version 12.2.1.4.0 | Fusion Middleware |
| Oracle GoldenGate, versions 19.1.0.0.0-19.23.0.0.240716, 21.3-21.14 | Database |
| Oracle GoldenGate Big Data and Application Adapters, versions 19.1.0.0.0-19.1.0.0.18, 21.3-21.14.0.0.0 | Database |
| Oracle GoldenGate Studio, version 12.2.0.4.0 | Database |
| Oracle GraalVM Enterprise Edition, versions 20.3.14, 21.3.10 | Java SE |
| Oracle GraalVM for JDK, versions 17.0.11, 21.0.3, 22.0.1 | Java SE |
| Oracle Graph Server and Client, versions 22.4.7 and prior, 23.4.2 and prior, 24.1.0 and prior | Database |
| Oracle Healthcare Data Repository, versions 8.1.4, 8.2.0 | HealthCare Applications |
| Oracle Healthcare Foundation, versions 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4 | HealthCare Applications |
| Oracle Healthcare Master Person Index, versions 5.0.0-5.0.9 | HealthCare Applications |
| Oracle HTTP Server, version 12.2.1.4.0 | Fusion Middleware |
| Oracle Hyperion Data Relationship Management, version 11.2.17.0.0 | Oracle Enterprise Performance Management |
| Oracle Hyperion Financial Close Management, version 11.2.17.0.0 | Oracle Enterprise Performance Management |
| Oracle Hyperion Infrastructure Technology, version 11.2.17.0.0 | Oracle Enterprise Performance Management |
| Oracle Identity Manager, version 12.2.1.4.0 | Fusion Middleware |
| Oracle Insurance Policy Administration J2EE, versions 11.2.12, 11.3.0-11.3.2 | Oracle Insurance Applications |
| Oracle Java SE, versions 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1 | Java SE |
| Oracle JDeveloper, version 12.2.1.4.0 | Fusion Middleware |
| Oracle Middleware Common Libraries and Tools, version 12.2.1.4.0 | Fusion Middleware |
| Oracle NoSQL Database, versions 1.4, 1.5, prior to 19.5.42, prior to 20.3.40, prior to 21.2.27, prior to 22.3.46, prior to 23.3.32 | NoSQL Database |
| Oracle Outside In Technology, version 8.5.7 | Fusion Middleware |
| Oracle Reports Developer, versions 12.2.1.4.0, 12.2.1.19.0 | Fusion Middleware |
| Oracle REST Data Services, versions prior to 23.3.1, prior to 24.1.0 | Database |
| Oracle Retail Assortment Planning, versions 15.0.3, 16.0.3 | Retail Applications |
| Oracle Retail Financial Integration, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1 | Retail Applications |
| Oracle Retail Integration Bus, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1 | Retail Applications |
| Oracle Retail Predictive Application Server, versions 15.0.3, 16.0.3 | Retail Applications |
| Oracle Retail Xstore Office, versions 19.0.5, 20.0.3, 20.0.4, 22.0.0, 23.0.1 | Retail Applications |
| Oracle Service Bus, version 12.2.1.4.0 | Fusion Middleware |
| Oracle Solaris, version 11 | Systems |
| Oracle TimesTen In-Memory Database, versions 22.1.1.1.0-22.1.1.24.0 | Database |
| Oracle Unified Directory, version 12.2.1.4.0 | Fusion Middleware |
| Oracle Utilities Application Framework, versions 4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0, 4.5.0.1.1-4.5.0.1.3, 24.1.0.0.0, 24.2.0.0.0 | Oracle Utilities Applications |
| Oracle VM VirtualBox, versions prior to 7.0.20 | Virtualization |
| Oracle WebCenter Content, version 12.2.1.4.0 | Fusion Middleware |
| Oracle WebCenter Portal, version 12.2.1.4.0 | Fusion Middleware |
| Oracle WebCenter Sites, version 12.2.1.4.0 | Fusion Middleware |
| Oracle WebLogic Server, versions 12.2.1.4.0, 14.1.1.0.0 | Fusion Middleware |
| Oracle ZFS Storage Appliance Kit, version 8.8 | Systems |
| PeopleSoft Enterprise HCM Human Resources, version 9.2 | PeopleSoft |
| PeopleSoft Enterprise HCM Shared Components, version 9.2 | PeopleSoft |
| PeopleSoft Enterprise PeopleTools, versions 8.59, 8.60, 8.61 | PeopleSoft |
| Primavera Gateway, versions 19.12.0-19.12.19, 20.12.0-20.12.14, 21.12.0-21.12.12 | Oracle Construction and Engineering Suite |
| Primavera Unifier, versions 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.17, 22.12.0-22.12.13, 23.12.0-23.12.6 | Oracle Construction and Engineering Suite |
| Siebel Applications, versions 22.12 and prior, 23.12 and prior, 24.6 and prior | Siebel |


4.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review Oracle’s July 2024 Critical Patch Update Advisory and apply the necessary updates.

Kindly refer to the following URL for more information: https://www.oracle.com/security-alerts/cpujul2024.html

Generally, we advise users to stay up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.

For further enquiries, please contact the Cyber999 Incident Response Team through the following channels:

E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 - 17:30 MYT
Web: https://www.mycert.org.my

5.0 References
