Number: AV21-031
Date: 20 January 2021
On 19 January 2021 Oracle published a Critical Patch Update Advisory to address vulnerabilities in multiple products. Included were critical updates for the following:
- Enterprise Manager Base Platform – multiple versions
- Enterprise Manager Ops Center - version 12.4.0.0
- Hyperion Infrastructure Technology - version 11.1.2.4
- Oracle Application Testing Suite - version 13.3.0.1
- Oracle BAM (Business Activity Monitoring) - versions 11.1.1.9.0 and 12.2.1.3.0
- Oracle Banking Corporate Lending Process Management - multiple versions
- Oracle Banking Credit Facilities Process Management - multiple versions
- Oracle Banking Extensibility Workbench 14.3.0 and 14.4.0
- Oracle Banking Liquidity Management - versions 14.0.0 to 14.4.0
- Oracle Banking Payments - version 14.4.0
- Oracle Banking Supply Chain Finance - versions 14.2.0 to 14.4.0
- Oracle Banking Trade Finance Process Management - multiple versions
- Oracle Banking Virtual Account Management - multiple versions
- Oracle Business Process Management Suite - versions 12.2.1.3.0 and 12.2.1.4.0
- Oracle Coherence - multiple versions
- Oracle Communications Operations Monitor - versions 4.2 and 4.3
- Oracle Data Integrator - versions 12.2.1.3.0 and 12.2.1.4.0
- Oracle Enterprise Data Quality - versions 11.1.1.9.0 and 12.2.1.3.0
- Oracle Enterprise Repository - version 11.1.1.7.0
- Oracle Financial Services Analytical Applications Infrastructure - versions 8.0.6 to 8.1.0
- Oracle Financial Services Data Integration Hub - versions 8.0.3 and 8.0.6
- Oracle Financial Services Market Risk Measurement and Management - version 8.0.6
- Oracle Health Sciences Information Manager - version 3.0.1
- Oracle Hospitality Simphony - versions 18.2.7.2 and 19.1.3
- Oracle Real-Time Decision Server - version 3.2.1.0
- Oracle Retail Customer Management and Segmentation Foundation - multiple versions
- Oracle Retail Extract Transform and Load - versions 13.2.5 and 13.2.8
- Oracle Retail Merchandising System - version 15.0
- Oracle Retail Sales Audit - version 14.1
- Oracle Utilities Framework - multiple versions
- Oracle WebCenter Portal - versions 11.1.1.9.0
- Oracle WebLogic Server - multiple versions
- Oracle ZFS Storage Appliance Kit - version 8.8
- Primavera Unifier - multiple versions
The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.
Oracle Critical Patch Update Advisory - January 2021
https://www.oracle.com/security-alerts/cpujan2021.html
Note to Readers
The Canadian Centre for Cyber Security (Cyber Centre) operates as part of the Communications Security Establishment. We are Canada’s national authority on cyber security and we lead the government’s response to cyber security events. As Canada's national computer security incident response team, the Cyber Centre works in close collaboration with government departments, critical infrastructure, Canadian businesses and international partners to prepare for, respond to, mitigate, and recover from cyber events. We do this by providing authoritative advice and support, and coordinating information sharing and incident response. The Cyber Centre is outward-facing, welcoming partnerships that help build a stronger, more resilient cyber space in Canada.