9VSA23-00923-01 CSIRT shares information on security updates included in the Oracle Critical Patch Update Advisory, October 2023

The Government CSIRT shares information on the security updates published by Oracle in its Oracle Critical Patch Update Advisory for October 2023.

Vulnerabilities

CVE-2019-10086

CVE-2019-17498

CVE-2020-11023

CVE-2020-11988

CVE-2020-13956

CVE-2020-36518

CVE-2020-7760

CVE-2021-28165

CVE-2021-36374

CVE-2021-37136

CVE-2021-37533

CVE-2021-37714

CVE-2021-40690

CVE-2021-41165

CVE-2021-41945

CVE-2021-43045

CVE-2022-1471

CVE-2022-23491

CVE-2022-24329

CVE-2022-24834

CVE-2022-24839

CVE-2022-25147

CVE-2022-25647

CVE-2022-26612

CVE-2022-29546

CVE-2022-29577

CVE-2022-29599

CVE-2022-31129

CVE-2022-31160

CVE-2022-3171

CVE-2022-33980

CVE-2022-36033

CVE-2022-36944

CVE-2022-37436

CVE-2022-40152

CVE-2022-40982

CVE-2022-41409

CVE-2022-41881

CVE-2022-41954

CVE-2022-41966

CVE-2022-42003

CVE-2022-42004

CVE-2022-42898

CVE-2022-42920

CVE-2022-43680

CVE-2022-44729

CVE-2022-4492

CVE-2022-45061

CVE-2022-45688

CVE-2022-45690

CVE-2022-48285

CVE-2022-4899

CVE-2023-0361

CVE-2023-0568

CVE-2023-1370

CVE-2023-1436

CVE-2023-20862

CVE-2023-20863

CVE-2023-20873

CVE-2023-20883

CVE-2023-21829

CVE-2023-22015

CVE-2023-22019

CVE-2023-22025

CVE-2023-22026

CVE-2023-22028

CVE-2023-22029

CVE-2023-22032

CVE-2023-22043

CVE-2023-22059

CVE-2023-22064

CVE-2023-22065

CVE-2023-22066

CVE-2023-22067

CVE-2023-22068

CVE-2023-22069

CVE-2023-22070

CVE-2023-22071

CVE-2023-22072

CVE-2023-22073

CVE-2023-22074

CVE-2023-22075

CVE-2023-22076

CVE-2023-22077

CVE-2023-22078

CVE-2023-22079

CVE-2023-22080

CVE-2023-22081

CVE-2023-22082

CVE-2023-22083

CVE-2023-22084

CVE-2023-22085

CVE-2023-22086

CVE-2023-22087

CVE-2023-22088

CVE-2023-22089

CVE-2023-22090

CVE-2023-22091

CVE-2023-22092

CVE-2023-22093

CVE-2023-22094

CVE-2023-22095

CVE-2023-22096

CVE-2023-22097

CVE-2023-22098

CVE-2023-22099

CVE-2023-22100

CVE-2023-22101

CVE-2023-22102

CVE-2023-22103

CVE-2023-22104

CVE-2023-22105

CVE-2023-22106

CVE-2023-22107

CVE-2023-22108

CVE-2023-22109

CVE-2023-22110

CVE-2023-22111

CVE-2023-22112

CVE-2023-22113

CVE-2023-22114

CVE-2023-22115

CVE-2023-22117

CVE-2023-22118

CVE-2023-22119

CVE-2023-22121

CVE-2023-22122

CVE-2023-22123

CVE-2023-22124

CVE-2023-22125

CVE-2023-22126

CVE-2023-22127

CVE-2023-22128

CVE-2023-22129

CVE-2023-22130

CVE-2023-2283

CVE-2023-22946

CVE-2023-23914

CVE-2023-23931

CVE-2023-24998

CVE-2023-25690

CVE-2023-2603

CVE-2023-26048

CVE-2023-26049

CVE-2023-2650

CVE-2023-26604

CVE-2023-27534

CVE-2023-28439

CVE-2023-28484

CVE-2023-28708

CVE-2023-28709

CVE-2023-29491

CVE-2023-2976

CVE-2023-30535

CVE-2023-30589

CVE-2023-30861

CVE-2023-3247

CVE-2023-33201

CVE-2023-34034

CVE-2023-34396

CVE-2023-34462

CVE-2023-34981

CVE-2023-35116

CVE-2023-35788

CVE-2023-35887

CVE-2023-3635

CVE-2023-38039

CVE-2023-3817

CVE-2023-3824

CVE-2023-38408

CVE-2023-38545

CVE-2023-39017

CVE-2023-39022

CVE-2023-40167

CVE-2023-4039

CVE-2023-41080

Impact

Some critical vulnerabilities

CVE-2022-48174: Critical vulnerability in the busybox component of Oracle VM Server for x86. Remotely exploitable without authentication. CVSS: 9.8.

Mitigation

Install the respective updates provided by the vendor.

Affected products
Oracle Analytics Risk Matrix

Oracle Banking Branch

Oracle Banking Cash Management

Oracle Banking Credit Facilities Process Management

Oracle Banking Electronic Data Exchange for Corporates

Oracle Banking Liquidity Management

Oracle Banking Origination

Oracle Banking Supply Chain Finance

Oracle Banking Trade Finance Process Management

Oracle Big Data Spatial and Graph

Oracle Big Data Spatial and Graph Risk Matrix

Oracle Business Intelligence Enterprise Edition

Oracle Commerce Risk Matrix

Oracle Communications Applications Risk Matrix

Oracle Communications Cloud Native Core Policy

Oracle Communications Risk Matrix

Oracle Construction and Engineering Risk Matrix

Oracle Data Integrator

Oracle Database Fleet Patching and Provisioning (Apache Mina SSHD)

Oracle Database Workload Manager

Oracle E-Business Suite products (various)

Oracle E-Business Suite Risk Matrix

Oracle Enterprise Manager products (various)

Oracle Enterprise Manager Risk Matrix

Oracle Essbase

Oracle Essbase Risk Matrix

Oracle Financial Services Applications Risk Matrix

Oracle Financial Services Cash Flow Engine

Oracle Fusion Middleware Risk Matrix

Oracle Global Lifecycle Management OPatch

Oracle Global Lifecycle Management Risk Matrix

Oracle GoldenGate Risk Matrix

Oracle GoldenGate Studio

Oracle Graph Server and Client Risk Matrix

Oracle Health Sciences Applications Risk Matrix

Oracle HealthCare Applications Risk Matrix

Oracle Hospitality Applications Risk Matrix

Oracle Hyperion Risk Matrix

Oracle Insurance Applications Risk Matrix

Oracle Java SE Risk Matrix

Oracle JD Edwards Risk Matrix

Oracle MySQL Risk Matrix

Oracle PeopleSoft Risk Matrix

Oracle REST Data Services

Oracle REST Data Services Risk Matrix

Oracle Retail Applications Risk Matrix

Oracle SD-WAN Edge

Oracle Secure Backup Risk Matrix

Oracle Siebel CRM Risk Matrix

Oracle Spatial and Graph (Google Guava): CVE-2023-2976 [VEX Justification: vulnerable_code_not_in_execute_path].

Oracle Spatial and Graph (SQLite): CVE-2022-46908 [VEX Justification: vulnerable_code_cannot_be_controlled_by_adversary].

Oracle Supply Chain Risk Matrix

Oracle Systems Risk Matrix

Oracle TimesTen In-Memory Database Risk Matrix

Oracle Utilities Applications Risk Matrix

Oracle Utilities Network Management System

Oracle Virtualization Risk Matrix

Links

https://www.oracle.com/security-alerts/cpuoct2023.html

https://www.oracle.com/security-alerts/ovmbulletinoct2023.html

https://support.oracle.com/rs?type=doc&id=2962256.1

Report

The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA23-00923-01.