9VSA23-00923-01 CSIRT comparte información de actualizaciones de seguridad incluidas en el Oracle Critical Patch Update Advisory, octubre 2023
El CSIRT de Gobierno comparte información de las actualizaciones de seguridad publicadas por Oracle en su Oracle Critical Patch Update Advisory para octubre de 2023.
![9VSA23-00923-01.png](https://media.ciberseguridad.gob.cl/images/9VSA23-00923-01.2e16d0ba.format-jpeg.fill-1200x600.jpg)
Resumen
El CSIRT de Gobierno comparte información de las actualizaciones de seguridad publicadas por Oracle en su Oracle Critical Patch Update Advisory para octubre de 2023.
Vulnerabilidades
CVE-2019-10086
CVE-2019-17498
CVE-2020-11023
CVE-2020-11988
CVE-2020-13956
CVE-2020-36518
CVE-2020-7760
CVE-2021-28165
CVE-2021-36374
CVE-2021-37136
CVE-2021-37533
CVE-2021-37714
CVE-2021-40690
CVE-2021-41165
CVE-2021-41945
CVE-2021-43045
CVE-2022-1471
CVE-2022-23491
CVE-2022-24329
CVE-2022-24834
CVE-2022-24839
CVE-2022-25147
CVE-2022-25647
CVE-2022-26612
CVE-2022-29546
CVE-2022-29577
CVE-2022-29599
CVE-2022-31129
CVE-2022-31160
CVE-2022-3171
CVE-2022-33980
CVE-2022-36033
CVE-2022-36944
CVE-2022-37436
CVE-2022-40152
CVE-2022-40982
CVE-2022-41409
CVE-2022-41881
CVE-2022-41954
CVE-2022-41966
CVE-2022-42003
CVE-2022-42004
CVE-2022-42898
CVE-2022-42920
CVE-2022-43680
CVE-2022-44729
CVE-2022-4492
CVE-2022-45061
CVE-2022-45688
CVE-2022-45690
CVE-2022-48285
CVE-2022-4899
CVE-2023-0361
CVE-2023-0568
CVE-2023-1370
CVE-2023-1436
CVE-2023-20862
CVE-2023-20863
CVE-2023-20873
CVE-2023-20883
CVE-2023-21829
CVE-2023-22015
CVE-2023-22019
CVE-2023-22025
CVE-2023-22026
CVE-2023-22028
CVE-2023-22029
CVE-2023-22032
CVE-2023-22043
CVE-2023-22059
CVE-2023-22064
CVE-2023-22065
CVE-2023-22066
CVE-2023-22067
CVE-2023-22068
CVE-2023-22069
CVE-2023-22070
CVE-2023-22071
CVE-2023-22072
CVE-2023-22073
CVE-2023-22074
CVE-2023-22075
CVE-2023-22076
CVE-2023-22077
CVE-2023-22078
CVE-2023-22079
CVE-2023-22080
CVE-2023-22081
CVE-2023-22082
CVE-2023-22083
CVE-2023-22084
CVE-2023-22085
CVE-2023-22086
CVE-2023-22087
CVE-2023-22088
CVE-2023-22089
CVE-2023-22090
CVE-2023-22091
CVE-2023-22092
CVE-2023-22093
CVE-2023-22094
CVE-2023-22095
CVE-2023-22096
CVE-2023-22097
CVE-2023-22098
CVE-2023-22099
CVE-2023-22100
CVE-2023-22101
CVE-2023-22102
CVE-2023-22103
CVE-2023-22104
CVE-2023-22105
CVE-2023-22106
CVE-2023-22107
CVE-2023-22108
CVE-2023-22109
CVE-2023-22110
CVE-2023-22111
CVE-2023-22112
CVE-2023-22113
CVE-2023-22114
CVE-2023-22115
CVE-2023-22117
CVE-2023-22118
CVE-2023-22119
CVE-2023-22121
CVE-2023-22122
CVE-2023-22123
CVE-2023-22124
CVE-2023-22125
CVE-2023-22126
CVE-2023-22127
CVE-2023-22128
CVE-2023-22129
CVE-2023-22130
CVE-2023-2283
CVE-2023-22946
CVE-2023-23914
CVE-2023-23931
CVE-2023-24998
CVE-2023-25690
CVE-2023-2603
CVE-2023-26048
CVE-2023-26049
CVE-2023-2650
CVE-2023-26604
CVE-2023-27534
CVE-2023-28439
CVE-2023-28484
CVE-2023-28708
CVE-2023-28709
CVE-2023-29491
CVE-2023-2976
CVE-2023-30535
CVE-2023-30589
CVE-2023-30861
CVE-2023-3247
CVE-2023-33201
CVE-2023-34034
CVE-2023-34396
CVE-2023-34462
CVE-2023-34981
CVE-2023-35116
CVE-2023-35788
CVE-2023-35887
CVE-2023-3635
CVE-2023-38039
CVE-2023-3817
CVE-2023-3824
CVE-2023-38408
CVE-2023-38545
CVE-2023-39017
CVE-2023-39022
CVE-2023-40167
CVE-2023-4039
CVE-2023-41080
Impacto
Algunas vulnerabilidades críticas
CVE-2022-48174: Vulnerabilidad crítica en el componente busybox de Oracle VM Server for x86. Explotable de forma remota y sin autenticación. CVSS: 9.8.
Mitigación
Instalar las respectivas actualizaciones entregadas por el proveedor.
Productos afectados
Oracle Analytics Risk Matrix
Oracle Banking Branch
Oracle Banking Cash Management
Oracle Banking Credit Facilities Process Management
Oracle Banking Electronic Data Exchange for Corporates
Oracle Banking Liquidity Management
Oracle Banking Origination
Oracle Banking Supply Chain Finance
Oracle Banking Trade Finance Process Management
Oracle Big Data Spatial and Graph
Oracle Big Data Spatial and Graph Risk Matrix
Oracle Business Intelligence Enterprise Edition
Oracle Commerce Risk Matrix
Oracle Communications Applications Risk Matrix
Oracle Communications Cloud Native Core Policy
Oracle Communications Risk Matrix
Oracle Construction and Engineering Risk Matrix
Oracle Data Integrator
Oracle Database Fleet Patching and Provisioning (Apache Mina SSHD)
Oracle Database Workload Manager
Oracle E-Business Suite products (varios)
Oracle E-Business Suite Risk Matrix
Oracle Enterprise Manager products (varios)
Oracle Enterprise Manager Risk Matrix
Oracle Essbase
Oracle Essbase Risk Matrix
Oracle Financial Services Applications Risk Matrix
Oracle Financial Services Cash Flow Engine
Oracle Fusion Middleware Risk Matrix
Oracle Global Lifecycle Management OPatch
Oracle Global Lifecycle Management Risk Matrix
Oracle GoldenGate Risk Matrix
Oracle GoldenGate Studio
Oracle Graph Server and Client Risk Matrix
Oracle Health Sciences Applications Risk Matrix
Oracle HealthCare Applications Risk Matrix
Oracle Hospitality Applications Risk Matrix
Oracle Hyperion Risk Matrix
Oracle Insurance Applications Risk Matrix
Oracle Java SE Risk Matrix
Oracle JD Edwards Risk Matrix
Oracle MySQL Risk Matrix
Oracle PeopleSoft Risk Matrix
Oracle REST Data Services
Oracle REST Data Services Risk Matrix
Oracle Retail Applications Risk Matrix
Oracle SD-WAN Edge
Oracle Secure Backup Risk Matrix
Oracle Siebel CRM Risk Matrix
Oracle Spatial and Graph (Google Guava): CVE-2023-2976 [VEX Justification: vulnerable_code_not_in_execute_path].
Oracle Spatial and Graph (SQLite): CVE-2022-46908 [VEX Justification: vulnerable_code_cannot_be_controlled_by_adversary].
Oracle Supply Chain Risk Matrix
Oracle Systems Risk Matrix
Oracle TimesTen In-Memory Database Risk Matrix
Oracle Utilities Applications Risk Matrix
Oracle Utilities Network Management System
Oracle Virtualization Risk Matrix
Enlaces
https://www.oracle.com/security-alerts/cpuoct2023.html
https://www.oracle.com/security-alerts/ovmbulletinoct2023.html
https://support.oracle.com/rs?type=doc&id=2962256.1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17498
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7760
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28165
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36374
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37533
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37714
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40690
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41165
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23491
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24329
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24834
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24839
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26612
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29546
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29577
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29599
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36944
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40982
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41881
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41954
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4492
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45688
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45690
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4899
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0361
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0568
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1436
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20873
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20883
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21829
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22025
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22028
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22043
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22059
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22064
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22065
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22066
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22068
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22070
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22072
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22075
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22076
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22077
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22079
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22082
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22083
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22084
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22085
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22087
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22088
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22089
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22090
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22091
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22094
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22095
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22100
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22101
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22102
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22103
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22104
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22106
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22107
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22109
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22117
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22118
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22119
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22121
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22123
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22126
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22128
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22946
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23931
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24998
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2603
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26604
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27534
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28439
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28708
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28709
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29491
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2976
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30535
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30861
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3247
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34396
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34981
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35116
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35788
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35887
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3635
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38408
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080
Informe
El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA23-00923-01.