TR-20-896 (Oracle Published a Security Advisory)

General Information

Oracle has published a security advisory addressing DoS, ACE, Cross-Site Request Forgery, MITM and XSS vulnerabilities found in Oracle products.

Impact

Because of this vulnerability, affected systems may be taken over by cyber attackers. The affected systems are as follows:

  • Enterprise Manager
  • Database
  • Systems
  • Fusion Middleware
  • Oracle Construction and Engineering Suite
  • MySQL
  • Oracle Supply Chain Products
  • Oracle Financial Services Applications
  • Oracle Banking Platform
  • Oracle Communications Application Session Controller
  • Oracle Communications Billing and Revenue Management
  • Oracle Communications BRM - Elastic Charging Engine
  • Oracle Communications Diameter Signaling Router
  • Oracle Communications EAGLE
  • Oracle Communications Element Manager
  • Oracle Communications Evolved Communications Application Server
  • Oracle Communications Messaging Server
  • Oracle Communications Offline Mediation Controller
  • Oracle Communications Services Gatekeeper
  • Oracle Communications Session Border Controller
  • Oracle Communications Session Report Manager
  • Oracle Communications Session Route Manager
  • Oracle Communications Unified Inventory Management
  • Oracle Communications WebRTC Session Controller
  • E-Business Suite
  • Oracle Enterprise Session Border Controller
  • Oracle Financial Services Analytical Applications Infrastructure
  • Oracle Financial Services Analytical Applications Reconciliation Framework
  • Oracle Financial Services Asset Liability Management
  • Oracle Financial Services Balance Sheet Planning
  • Oracle Financial Services Basel Regulatory Capital Basic
  • Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach
  • Oracle Financial Services Data Foundation
  • Oracle Financial Services Data Governance for US Regulatory Reporting
  • Oracle Financial Services Data Integration Hub
  • Oracle Financial Services Funds Transfer Pricing
  • Oracle Financial Services Hedge Management and IFRS Valuations
  • Oracle Financial Services Institutional Performance Analytics
  • Oracle Financial Services Liquidity Risk Management
  • Oracle Financial Services Liquidity Risk Measurement and Management
  • Oracle Financial Services Loan Loss Forecasting and Provisioning
  • Oracle Financial Services Market Risk Measurement and Management
  • Oracle Financial Services Price Creation And Discovery
  • Oracle Financial Services Profitability Management
  • Oracle Financial Services Regulatory Reporting for European Banking Authority
  • Oracle Financial Services Regulatory Reporting for US Federal Reserve
  • Oracle Financial Services Regulatory Reporting with AgileREPORTER
  • Oracle Financial Services Retail Customer Analytics
  • Oracle GraalVM Enterprise Edition
  • Health Sciences
  • Oracle Hospitality Guest Access
  • Oracle Hospitality Materials Control
  • Oracle Hospitality OPERA 5 Property Services
  • Oracle Hospitality Reporting and Analytics
  • Oracle Hospitality RES
  • Oracle Hospitality Simphony
  • Oracle Hospitality Suite8
  • Oracle Insurance Accounting Analyzer
  • Oracle Insurance Allocation Manager for Enterprise Profitability
  • Oracle Insurance Data Foundation
  • Oracle Insurance Applications
  • Java SE
  • Oracle Policy Automation
  • Retail Applications
  • Oracle Utilities Applications
  • Virtualization
  • PeopleSoft
  • Siebel

Solution

The National Cyber Incident Response Center (USOM) recommends that users and system administrators review the Oracle Security Alerts for this vulnerability, which is stated to be of high severity, and take the relevant security measures.

References

https://www.cybersecurity-help.cz/vdb/SB2020102830

https://www.oracle.com/security-alerts/cpuoct2020.html?3290

https://www.cybersecurity-help.cz/vdb/SB2020102840

2020-10-30