
Oracle Database CPU (Critical Patch Update) Released for April 2021

Original, by 通讯员 (Correspondent), 2021-04-21

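Oracle released its April Critical Patch Update on April 20 and strongly recommends applying the patches as soon as possible. Below are the risk matrices that relate to the database: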

Database Products Risk Matrix

There are 18 database-related security patches in total, as follows:

  • 10 new security patches for Oracle Database Products
  • 1 new security patch for Oracle Global Lifecycle Management
  • No new security patches for Oracle Graph Server and Client, but third party patches are provided
  • 4 new security patches for Oracle NoSQL Database
  • 1 new security patch for Oracle REST Data Services
  • No new security patches for Oracle Secure Backup, but third party patches are provided
  • 2 new security patches for Oracle Spatial Studio
  • No new security patches for Oracle TimesTen In-Memory Database, but third party patches are provided

Oracle Database Risk Matrix

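Ten security patches relate to Oracle Database. Four of them are remotely exploitable without authentication (that is, they can be exploited without a user password). In addition, these security patches are not applicable to client-only installations. The detailed list is as follows: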

| CVE# | Component | Package and/or Privilege Required | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2020-5360 | Oracle Database - Enterprise Edition Security (Dell BSAFE Micro Edition Suite) | None | Multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 12.1.0.2, 12.2.0.1, 18c, 19c |
| CVE-2020-17527 | Workload Manager (Apache Tomcat) | None | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | High | None | None | 18c, 19c |
| CVE-2019-3740 | Oracle Database - Enterprise Edition (Dell BSAFE Crypto-J) | None | Oracle Net | Yes | 6.5 | Network | Low | None | Required | Unchanged | High | None | None | 12.1.0.2, 12.2.0.1, 18c, 19c |
| CVE-2020-11023 | Oracle Application Express (jQuery) | None | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | Prior to 20.2 |
| CVE-2021-2234 | Java VM | Create Session | Oracle Net | No | 5.3 | Network | High | Low | None | Unchanged | None | High | None | 12.1.0.2, 12.2.0.1, 18c, 19c |
| CVE-2020-7760 | Oracle Application Express (CodeMirror) | Valid User Account | HTTP | No | 4.3 | Network | Low | Low | None | Unchanged | None | None | Low | Prior to 20.2 |
| CVE-2021-2173 | Recovery | DBA Level Account | Oracle Net | No | 4.1 | Network | Low | High | None | Changed | Low | None | None | 12.1.0.2, 12.2.0.1, 18c, 19c |
| CVE-2021-2175 | Database Vault | Create Any View, Select Any View | Oracle Net | No | 2.7 | Network | Low | High | None | Unchanged | Low | None | None | 12.1.0.2, 12.2.0.1, 18c, 19c |
| CVE-2021-2245 | Oracle Database - Enterprise Edition Unified Audit | Create Audit Policy | Oracle Net | No | 2.7 | Network | Low | High | None | Unchanged | None | Low | None | 18c, 19c |
| CVE-2021-2207 | Oracle Database - Enterprise Edition RMAN executable | Local Logon | | No | 2.3 | Local | Low | High | None | Unchanged | None | Low | None | 12.1.0.2, 12.2.0.1, 18c, 19c |

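Additional notes:
The patch for CVE-2019-3740 also includes CVE-2019-3738 and CVE-2019-3739.
The patch for CVE-2020-11023 also includes CVE-2019-11358 and CVE-2020-11022.
The patch for CVE-2020-17527 also includes CVE-2020-13943 and CVE-2020-9484.
The patch for CVE-2020-5360 also includes CVE-2020-5359.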

Last modified: 2021-04-21 10:28:03