この記事は会員限定です。会員登録すると全てご覧いただけます。
Oracleは2023年4月の「Oracle Critical Patch Update Advisory」を発行した。多くのOracle製品のセキュリティ情報が公開されており、CVSSスコア値が9以上の緊急度の高い脆弱(ぜいじゃく)性も数多く報告されている。Oracle製品を使用している場合は、該当する製品を確認し適切に対応することが望まれる。
Oracle Critical Patch Update Advisory(出典:OracleのWebサイト)
公開された脆弱性は以下の通りだ。
以下の脆弱性は共通脆弱性評価システム(CVSS)のスコア値が9以上で深刻度が「緊急」(Critical)とされている。
- CVE-2022-23457 - Oracle GoldenGate Studio(CVSS: 9.8)
- CVE-2021-42575 - Oracle Commerce Platform(CVSS: 9.8)
- CVE-2020-35168 - Oracle Communications IP Service Activator(CVSS: 9.8)
- CVE-2022-1471 - Oracle Communications Unified Assurance(CVSS: 9.8)
- CVE-2022-1471 - Oracle Communications Unified Inventory Management(CVSS: 9.8)
- CVE-2022-36760 - Oracle Communications Unified Assurance(CVSS: 9.0)
- CVE-2022-43401 - Oracle Communications Cloud Native Core Automated Test Suite(CVSS: 9.9)
- CVE-2022-43402 - Oracle Communications Cloud Native Core Automated Test Suite(CVSS: 9.9)
- CVE-2022-45047 - Management Cloud Engine(CVSS: 9.8)
- CVE-2023-25613 - Oracle Communications Cloud Native Configuration Console(CVSS: 9.8)
- CVE-2022-47629 - Oracle Communications Cloud Native Configuration Console(CVSS: 9.8)
- CVE-2022-45047 - Oracle Communications Cloud Native Core Automated Test Suite(CVSS: 9.8)
- CVE-2022-47629 - Oracle Communications Cloud Native Core Network Exposure Function(CVSS: 9.8)
- CVE-2022-47629 - Oracle Communications Cloud Native Core Policy(CVSS: 9.8)
- CVE-2022-47629 - Oracle Communications Cloud Native Core Security Edge Protection Proxy(CVSS: 9.8)
- CVE-2022-47629 - Oracle Communications Cloud Native Core Unified Data Repository(CVSS: 9.8)
- CVE-2022-46364 - Oracle Communications Diameter Signaling Router(CVSS: 9.8)
- CVE-2022-25315 - Oracle Communications Diameter Signaling Router(CVSS: 9.8)
- CVE-2023-25690 - Oracle Communications Element Manager(CVSS: 9.8)
- CVE-2022-46364 - Oracle Communications Element Manager(CVSS: 9.8)
- CVE-2022-31692 - Oracle Communications Element Manager(CVSS: 9.8)
- CVE-2022-45047 - Oracle Communications Element Manager(CVSS: 9.8)
- CVE-2022-37434 - Oracle Communications Operations Monitor(CVSS: 9.8)
- CVE-2022-37434 - Oracle Communications Policy Management(CVSS: 9.8)
- CVE-2023-25690 - Oracle Communications Session Report Manager(CVSS: 9.8)
- CVE-2022-46364 - Oracle Communications Session Report Manager(CVSS: 9.8)
- CVE-2022-31692 - Oracle Communications Session Report Manager(CVSS: 9.8)
- CVE-2022-45047 - Oracle Communications Session Report Manager(CVSS: 9.8)
- CVE-2022-1471 - Oracle SD-WAN Edge(CVSS: 9.8)
- CVE-2022-31692 - Oracle SD-WAN Edge(CVSS: 9.8)
- CVE-2022-1292 - Oracle SD-WAN Edge(CVSS: 9.8)
- CVE-2022-37865 - Oracle Communications Cloud Native Core Automated Test Suite(CVSS: 9.1)
- CVE-2021-46848 - Oracle Communications Cloud Native Core Policy(CVSS: 9.1)
- CVE-2022-27404 - Primavera P6 Enterprise Project Portfolio Management(CVSS: 9.8)
- CVE-2022-27404 - Primavera Unifier(CVSS: 9.8)
- CVE-2022-22978 - Oracle Banking Corporate Lending Process Management(CVSS: 9.8)
- CVE-2022-46364 - Oracle Banking Digital Experience(CVSS: 9.8)
- CVE-2022-42889 - Oracle Financial Services Compliance Studio(CVSS: 9.8)
- CVE-2022-45047 - Oracle Business Process Management Suite(CVSS: 9.8)
- CVE-2022-22965 - Oracle Data Integrator(CVSS: 9.8)
- CVE-2022-37434 - Oracle HTTP Server(CVSS: 9.8)
- CVE-2022-22965 - Oracle Managed File Transfer(CVSS: 9.8)
- CVE-2022-33980 - Oracle Middleware Common Libraries and Tools(CVSS: 9.8)
- CVE-2022-29599 - Oracle Middleware Common Libraries and Tools(CVSS: 9.8)
- CVE-2022-37434 - Oracle Business Intelligence Enterprise Edition(CVSS: 9.8)
- CVE-2022-42889 - Oracle Business Intelligence Enterprise Edition(CVSS: 9.8)
- CVE-2022-1587 - Oracle Business Intelligence Enterprise Edition(CVSS: 9.1)
- CVE-2022-32215 - Oracle Business Intelligence Enterprise Edition(CVSS: 9.1)
- CVE-2021-4048 - Oracle Business Intelligence Enterprise Edition(CVSS: 9.1)
- CVE-2022-42889 - Oracle Healthcare Foundation(CVSS: 9.8)
- CVE-2022-42889 - Oracle Healthcare Master Person Index(CVSS: 9.8)
- CVE-2022-1471 - Oracle Healthcare Translational Research(CVSS: 9.8)
- CVE-2023-23914 - Oracle Healthcare Translational Research(CVSS: 9.1)
- CVE-2022-27404 - Oracle Hyperion Financial Reporting(CVSS: 9.8)
- CVE-2020-35168 - Oracle Documaker(CVSS: 9.8)
- CVE-2022-27404 - Oracle Documaker(CVSS: 9.8)
- CVE-2022-22965 - Oracle Insurance Policy Administration Operational Data Store for Life and Annuity(CVSS: 9.8)
- CVE-2022-28738 - JD Edwards EnterpriseOne Tools(CVSS: 9.8)
- CVE-2022-2274 - JD Edwards EnterpriseOne Tools(CVSS: 9.8)
- CVE-2022-2274 - JD Edwards World Security(CVSS: 9.8)
- CVE-2022-37434 - MySQL Server(CVSS: 9.8)
- CVE-2020-14343 - PeopleSoft Enterprise PeopleTools(CVSS: 9.8)
- CVE-2022-45047 - PeopleSoft Enterprise PeopleTools(CVSS: 9.8)
- CVE-2022-45047 - Oracle Retail Customer Management and Segmentation Foundation(CVSS: 9.8)
- CVE-2022-42889 - Oracle Retail Merchandising System(CVSS: 9.8)
- CVE-2020-35168 - Oracle Retail Predictive Application Server(CVSS: 9.8)
- CVE-2022-37434 - Oracle Retail Predictive Application Server(CVSS: 9.8)
- CVE-2022-42889 - Oracle Retail Xstore Office Cloud Service(CVSS: 9.8)
- CVE-2022-42889 - Oracle Retail Xstore Point of Service(CVSS: 9.8)
- CVE-2022-33980 - Oracle Retail Xstore Point of Service(CVSS: 9.8)
- CVE-2022-42889 - Oracle Retail Xstore Point of Service(CVSS: 9.8)
- CVE-2022-23305 - Oracle Utilities Application Framework(CVSS: 9.8)
Oracle Critical Patch Update Advisoryは全ての製品やバージョンを網羅しているわけではない。対象外の製品に関しては個別に脆弱性情報を確認する必要がある。
Copyright © ITmedia, Inc. All Rights Reserved.