
Oracle Critical Security Updates October 2021


The Oracle Critical Updates for October 2021 release 419 new security patches for various product families, including Oracle MySQL, Oracle Java SE, Oracle Essbase, Oracle Database Server, and Oracle GoldenGate. This advisory covers multiple products affected by many vulnerabilities. Vulnerability management software can prevent these attacks.

Oracle Database Server received nine security patches in the October 2021 Oracle Critical Updates. Of the nine vulnerabilities identified, two can be remotely exploited without authentication; they are tracked as CVE-2021-25122 and CVE-2021-26272. CVE-2021-35599 is considered the most critical of the nine, with a base score of 8.2, and it affects the ‘Zero Downtime DB Migration to Cloud’ component. Successfully exploiting this vulnerability can result in the takeover of Zero Downtime DB Migration to Cloud. A good vulnerability management tool can solve these issues.

Oracle MySQL received 66 new security patches; ten of these 66 vulnerabilities can be remotely exploited without authentication. CVE-2021-22931 is rated high and affects the ‘Cluster: General (Node.js)’ component of MySQL Cluster. Successfully exploiting this vulnerability allows the takeover of MySQL Cluster.

Oracle Virtualization received eight security patches in the October 2021 Oracle Critical Updates; one of these eight vulnerabilities can be remotely exploited without authentication. CVE-2021-35538 is considered the most critical in the lineup. It affects the “Core” component of Oracle VM VirtualBox, and a successful attack can result in the takeover of Oracle VM VirtualBox. This vulnerability does not apply to Windows systems.


Oracle Critical Security Updates October 2021 Summary

Oracle Database Server

Affected Components: Zero Downtime DB Migration to Cloud, Oracle Database Enterprise Edition (Apache Tomcat), Java VM, Oracle LogMiner, RDBMS Security, Core RDBMS, Oracle Application Express (CKEditor), Oracle Database Enterprise Edition Unified Audit.
CVEs: CVE-2021-35599, CVE-2021-25122, CVE-2021-35619, CVE-2021-2332, CVE-2021-35551, CVE-2021-35557, CVE-2021-35558, CVE-2021-26272, CVE-2021-35576.

Oracle Essbase

Products: Essbase Administration Services.
Affected Components: EAS Console.
CVEs: CVE-2021-35652, CVE-2021-35651, CVE-2021-35653, CVE-2021-35654, CVE-2021-35655.

Oracle GoldenGate

Products: Oracle GoldenGate.
Affected Components: Install (Dell BSAFE Crypto-J)
CVEs: CVE-2019-3740.

Oracle Graph Server and Client

Products: Oracle Graph Server and Client.
Affected Components: Packaging/install (Apache Tomcat).
CVEs: CVE-2021-25122.

Oracle REST Data Services

Products: Oracle REST Data Services.
Affected Components: General (Eclipse Jetty).
CVEs: CVE-2021-28165.

Oracle Secure Backup

Products: Oracle Secure Backup.
Affected Components: Oracle Secure Backup (OpenSSL).
CVEs: CVE-2021-3450.

Oracle Commerce

Products: Oracle Commerce Guided Search, Oracle Commerce Merchandising.
Affected Components: Content Acquisition System (CKEditor), Merchandising (CKEditor).
CVEs: CVE-2021-37695.

Oracle Communications Applications

Products: Oracle Communications Pricing Design Center, Oracle Communications MetaSolv Solution, Oracle Communications BRM – Elastic Charging Engine, Oracle Communications Messaging Server, Oracle Communications Offline Mediation Controller, Oracle Communications Billing and Revenue Management, Oracle Communications Design Studio, Oracle Communications Pricing Design Center, Oracle Communications Calendar Server, Oracle Communications MetaSolv Solution, Oracle Communications Pricing Design Center.

Affected Components: Pricing (Python), Reports (JDBC), Controller (Spring Framework), Message Store (Apache Commons Compress), Security (Apache CXF), Storage & Reporting (NSS), Billing Care (Apache Commons BeanUtils), PSR Designer (Lodash), Services Manager (Eclipse Mojarra), OUI Installer (Netty), PSR Designer (Netty), Multiplexor (Netty), Orchestration (Apache Groovy), Monitoring (Apache PDFBox), Monitoring (Apache Tika), Administration (Apache Commons IO), Message Store (Apache Commons IO), Reports (Apache Commons IO), Pricing (Apache Tomcat).

CVEs: CVE-2021-3177, CVE-2021-2351, CVE-2021-22118, CVE-2021-36090, CVE-2021-30468, CVE-2020-25648, CVE-2019-10086, CVE-2021-23337, CVE-2020-6950, CVE-2021-21409, CVE-2020-17521, CVE-2021-31812, CVE-2021-28657, CVE-2021-29425, CVE-2021-33037.

Oracle Communications

Products: Oracle Communications Policy Management, Oracle Communications Diameter Signaling Router, Oracle Communications EAGLE LNP Application Processor, Oracle Communications Element Manager, Oracle Communications LSMS, Oracle Communications Session Report Manager, Oracle Communications Session Route Manager, Tekelec Virtual Operating Environment, Oracle Communications Control Plane Monitor, Oracle Communications Fraud Monitor, Oracle Communications Operations Monitor, Oracle Enterprise Telephony Fraud Monitor, Tekelec Platform Distribution, Oracle Communications Application Session Controller, Oracle Communications Interactive Session Recorder, Oracle Communications EAGLE LNP Application Processor, Oracle Communications Cloud-Native Core Network Repository Function, Oracle Communications Services Gatekeeper, Oracle Communications Cloud-Native Core Policy, Oracle Communications Session Border Controller, Oracle Enterprise Communications Broker, Oracle Communications Converged Application Server – Service Controller, Oracle Communications EAGLE FTP Table Base Retrieval.

Affected Components: Policy (XStream), Platform (gSOAP), Signaling (PHP), Patches (gSOAP), Work orders (Apache ActiveMQ), Enterprise Policy (Apache Struts2), Reports (Apache ActiveMQ), Route Manager (Apache ActiveMQ), Syscheck (gSOAP), Infrastructure (nginx), Developer Infrastructure (nginx), Policies (nginx), Work Orders (Spring Security), Platform (Perl), Signaling (JDBC), Provision API, Reports (JDBC), Route Manager (JDBC), Realtime db (Perl), Security (Jackson-data-bind), Policy (Jackson-data-bind), Reports (Bouncy Castle Java Library), Reports (Jackson-data-bind), Route Manager (Bouncy Castle Java Library), Work Orders (Spring Framework), Monitor (Spring Framework), Reports (Spring Framework), Route Manager (Spring Framework), Storage Management (Kernel), Storage Management (Sudo), Measurements (libgcrypt), IDIH – Visualization (Apache Camel), IDIH – Visualization (Jackson-data-bind), Fault Management (Apache Commons Compress), Work Orders (Apache CXF), Work Orders (Eclipse Jetty), NPA Agent (Flexnet), Policy (dojo), VNF Manager (Spring Framework), Messaging Service (Eclipse Jetty), Payment (Cryptacular), Reports (Apache CXF), Reports (Apache Commons Compress), Reports (Eclipse Jetty), Route Manager (Apache CXF), Route Manager (Apache Commons Compress), Route Manager (Eclipse Jetty), Storage Management (BIND), Policy (Apache Commons BeanUtils), Signaling (Lodash), Routing (Lodash), Routing, Provisioning (BIND), Console (Apache Tomcat), Reports (Apache PDFBox), Signaling (Apache Commons IO), Charging (Apache Commons IO), Platform (Apache Tomcat), MediationServer (Apache Tomcat), Reports (Apache Commons IO), Reports (Apache Tomcat), Route Manager (Apache Commons IO), Route Manager (Apache Tomcat), Logging (Apache Log4j).

CVEs: CVE-2021-21345, CVE-2021-21783, CVE-2017-9841, CVE-2020-11998, CVE-2020-17530, CVE-2021-23017, CVE-2021-22112, CVE-2020-10878, CVE-2021-2351, CVE-2021-2461, CVE-2020-10543, CVE-2020-24750, CVE-2020-28052, CVE-2020-28052, CVE-2021-22118, CVE-2020-29661, CVE-2021-3156, CVE-2021-33560, CVE-2020-11994, CVE-2020-25649, CVE-2021-36090, CVE-2021-30468, CVE-2021-28165, CVE-2018-20034, CVE-2020-5258, CVE-2020-5398, CVE-2020-7226, CVE-2021-22696, CVE-2021-25215, CVE-2019-10086, CVE-2021-23337, CVE-2021-2414, CVE-2020-8622, CVE-2021-30640, CVE-2021-27906, CVE-2021-29425, CVE-2021-33037, CVE-2021-2416, CVE-2020-9488.

Oracle Construction and Engineering

Products: Instantis EnterpriseTrack, Primavera Gateway, Primavera Unifier.

Affected Components: Core (Apache HTTP Server), Core (JDBC), Admin (JDBC), Admin (Apache Commons Compress), File Management (Apache Commons Compress), Admin (Lodash), Platform, UI (Lodash), Admin (Apache Ant), Platform (Apache Tika), System Configuration (Apache Ant), Core (Apache Tomcat), Admin (Apache Commons IO).

CVEs: CVE-2021-26691, CVE-2021-2351, CVE-2021-36090, CVE-2021-23337, CVE-2021-36374, CVE-2021-28657, CVE-2021-33037, CVE-2021-29425.

Oracle E-Business Suite

Products: Oracle Applications Manager, Oracle Content Manager, Oracle Deal Management, Oracle Incentive Compensation, Oracle Mobile Field Service, Oracle Operations Intelligence, Oracle Payables, Oracle Shipping Execution, Oracle Trade Management, Oracle Universal Work Queue, Oracle Web Analytics, Oracle Applications Framework, Oracle Sales Offline.

Affected Components: Diagnostics, Content Item Manager, Miscellaneous, User Interface, Admin UI, BIS Operations Intelligence, Invoice Approvals, Workflow Events, Quotes, Work Provider Site Level Administration, Admin, View Reports, Session Management, Offline Template.
CVEs: CVE-2021-35566, CVE-2021-2483, CVE-2021-35536, CVE-2021-35585, CVE-2021-35570, CVE-2021-2484, CVE-2021-2482, CVE-2021-35563, CVE-2021-2485, CVE-2021-35562, CVE-2021-2474, CVE-2021-35582, CVE-2021-35580, CVE-2021-2477, CVE-2021-35554, CVE-2021-35569, CVE-2021-35581, CVE-2021-35611.

Oracle Enterprise Manager

Products: Enterprise Manager Ops Center, Enterprise Manager Base Platform, Enterprise Manager Ops Center, Oracle Real User Experience Insight, Oracle Application Testing Suite, Enterprise Manager for Oracle Database.
Affected Components: Networking (Apache HTTP Server), Policy Framework, Guest Management (XStream), Guest Management (libxml2), End User Experience Management (libxml2), End User Experience Management (JDBC), Load Testing for Web Apps (Jackson-data-bind), Provisioning (SQLite).
CVEs: CVE-2021-26691, CVE-2021-2137, CVE-2021-29505, CVE-2021-3518, CVE-2021-2351, CVE-2020-25649, CVE-2021-20227.

Oracle Financial Services Applications

Products: Oracle Banking Virtual Account Management, Oracle Banking Corporate Lending Process Management, Oracle Banking Credit Facilities Process Management, Oracle Banking Supply Chain Finance, Oracle FLEXCUBE Core Banking, Oracle Banking Cash Management, Oracle Banking Extensibility Workbench, Oracle Banking Trade Finance Process Management, Oracle Banking Platform, Oracle Financial Services Analytical Applications Infrastructure, Oracle Financial Services Enterprise Case Management, Oracle Banking Enterprise Default Management, Oracle Financial Services Model Management and Governance.

Affected Components: Common Core (XStream), Common Core (XStream), Credit Appraisal (Spring Integration), Account-Maintenance (Spring Integration), Common Core (Spring Integration), Bills And Collections (dom4j), Accessibility (XStream), Lending (XStream), Credit Appraisal (XStream), Web UI (Kotlin), Account-Maintenance (XStream), Dashboard (XStream), Lending (Jackson-data-bind), Loans (Bouncy Castle Java Library), Credit Appraisal (Jackson-data-bind), Credit Appraisal (Bouncy Castle Java Library), Web UI (Bouncy Castle Java Library), Invoice (Jackson-data-bind), Security (Bouncy Castle Java Library), Common Core (Bouncy Castle Java Library), Web UI (Jackson-data-bind), Product Accounting (Apache Commons Compress), Account (Jackson-data-bind), Rate Management (Apache Commons Compress), Web UI (Apache Commons Compress), Bills And Collections (Apache Axis), Account (Lodash), Lending (Lodash), Collateral Review (Lodash), Banking (Lodash), Invoice (Lodash), Dashboard (Lodash), Collections (Eclipse Mojarra), Investment Account (Eclipse Mojarra), Model Governance (CKEditor), Lending (Netty), Collateral Review (Netty), Dashboard (Netty), Lending (Apache PDFBox), Collateral Review (Apache PDFBox), Security (Apache PDFBox), Dashboard (Apache PDFBox), Common Core (Apache PDFBox), Publish Catalog (Apache Ant).

CVEs: CVE-2021-21345, CVE-2020-5413, CVE-2020-10683, CVE-2021-29505, CVE-2020-15824, CVE-2020-24750, CVE-2020-28052, CVE-2020-25649, CVE-2021-36090, CVE-2019-0227, CVE-2020-8203, CVE-2021-23337, CVE-2020-6950, CVE-2021-26272, CVE-2021-21409, CVE-2021-31812, CVE-2021-27906, CVE-2021-36374.

Oracle Fusion Middleware

Products: Oracle WebCenter Sites, Oracle WebLogic Server, Oracle Business Activity Monitoring, Oracle WebCenter Portal, Oracle Business Intelligence Enterprise Edition, Oracle Data Integrator, Oracle Outside In Technology, Oracle WebLogic Server Proxy Plug-In, Oracle HTTP Server, Oracle Enterprise Repository, Oracle Real-Time Decision Server, Oracle GoldenGate Application Adapters.

Affected Components: WebCenter Sites (Terracotta Quartz Scheduler), Web Services (slf4j-ext), Coherence Container, General (XStream), Discussion Forums (XStream), WebCenter Sites (XStream), Analytics Server (Apache CXF), Install, config, upgrade (Jackson-data-bind), Outside In Filters, WebCenter Sites (dojo), Core (Cryptacular), Core, SSL Module (LibExpat), WebCenter Sites (CKEditor), Web Services (jQuery), Analytics Server (OpenSSL), OSSL Module, SSL Module (OpenSSL), Web Services (Google Guava), Security Subsystem – 12c (Apache Ant), Platform Installation (Apache Ant), WebCenter Sites (Apache PDFbox), WebCenter Sites (Apache POI), Web Services (Apache Santuario XML Security For Java), Application Adapters (Apache Commons IO), Decision Server (Apache Commons IO), Console (Apache Commons IO), Diagnostics, Web Listener.

CVEs: CVE-2019-13990, CVE-2018-8088, CVE-2021-35617, CVE-2021-29505, CVE-2021-30468, CVE-2020-25649, CVE-2021-35572, CVE-2021-35573, CVE-2021-35662, CVE-2021-35661, CVE-2021-35574, CVE-2021-35660, CVE-2021-35659, CVE-2021-35658, CVE-2021-35657, CVE-2021-35656, CVE-2020-5258, CVE-2020-7226, CVE-2021-35620, CVE-2018-20843, CVE-2021-26272, CVE-2020-11022, CVE-2021-23841, CVE-2021-35666, CVE-2020-1971, CVE-2018-10237, CVE-2021-36374, CVE-2021-27906, CVE-2019-12415, CVE-2019-12400, CVE-2021-29425, CVE-2021-35552, CVE-2021-2480.

Oracle Health Sciences Applications

Products: Oracle Healthcare Data Repository, Oracle Health Sciences Central Coding, Oracle Health Sciences InForm, Oracle Healthcare Foundation.
Affected Components: Install Utility (Nimbus JOSE+JWT), Service Framework (Spring Framework), UI (jQuery), Install Utility (Apache Groovy), Security (Apache Tika).
CVEs: CVE-2019-17195, CVE-2021-22118, CVE-2020-11022, CVE-2020-11023, CVE-2020-17521, CVE-2021-28657.

Oracle Hospitality Applications

Products: Oracle Hospitality Cruise Shipboard Property Management System.
Affected Components: Next-Gen SPMS (jQuery).
CVEs: CVE-2020-11022.

Oracle Hyperion

Products: Hyperion Financial Reporting, Hyperion Planning, Hyperion Financial Management, Hyperion Infrastructure Technology.
Affected Components: Repository, Hyperion Planning (jQuery), Server Components (Apache PDFBox), Security (Apache Commons IO), Installation and Configuration (libpng), Installation and Configuration (Eclipse Jetty).
CVEs: CVE-2021-35665, CVE-2019-11358, CVE-2021-27906, CVE-2021-29425, CVE-2019-7317, CVE-2020-27218.

Oracle Insurance Applications

Products: Oracle Documaker, Oracle Insurance Policy Administration, Oracle Insurance Calculation Engine.
Affected Components: Development tools (Apache Commons FileUpload), Development tools (Terracotta Quartz Scheduler), Development tools (dom4j), Architecture (Nimbus JOSE+JWT), Architecture (Apache Batik), Development tools (jackson-databind), Development tools (Spring Framework), Architecture (Spring Framework), Development tools (dojo), Development tools (Apache Commons BeanUtils), Architecture (Apache Commons BeanUtils), Architecture (Apache Ant), Architecture (Apache Groovy), Development tools (CKEditor), Development tools (Apache Commons IO).
CVEs: CVE-2016-1000031, CVE-2019-13990, CVE-2020-10683, CVE-2019-17195, CVE-2020-11987, CVE-2020-36189, CVE-2021-22118, CVE-2020-5258, CVE-2020-5398, CVE-2019-10086, CVE-2021-36374, CVE-2020-17521, CVE-2021-37695, CVE-2021-29425.

Oracle Java SE

Products: Java SE, Oracle GraalVM Enterprise Edition.
Affected Components: JavaFX (libxml), Deployment, Node (Node.js), Libraries, JSSE, JavaFX (GStreamer), ImageIO, Keytool, Swing, Utility, Hotspot.
CVEs: CVE-2021-3517, CVE-2021-35560, CVE-2021-27290, CVE-2021-35567, CVE-2021-35550, CVE-2021-3522, CVE-2021-35586, CVE-2021-35564, CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35565, CVE-2021-35578, CVE-2021-35603, CVE-2021-35588.

Oracle JD Edwards

Products: JD Edwards EnterpriseOne Tools, JD Edwards World Security, JD Edwards EnterpriseOne Orchestrator, JD Edwards EnterpriseOne Orchestrator.

Affected Components: E1 Dev Platform Tech (Node.js), Enterprise Infrastructure (NSS), E1 Dev Platform Tech (Lodash), Enterprise Infrastructure (OpenSSL), World Software Security (OpenSSL), Installation (Eclipse Jetty), Web Runtime (CKEditor), E1 IOT Orchestrator (Apache Groovy), Enterprise Infrastructure (SQLite), E1 IOT Orchestrator (Apache HttpClient), Monitoring and Diagnostics (Apache HttpClient).

CVEs: CVE-2021-22884, CVE-2020-25648, CVE-2020-8203, CVE-2021-3450, CVE-2020-27216, CVE-2021-26272, CVE-2020-17521, CVE-2021-20227, CVE-2020-13956.

Oracle MySQL

Products: MySQL Cluster, MySQL Server, MySQL Enterprise Monitor, MySQL Workbench, MySQL Client, MySQL Connectors.

Affected Components: Cluster: General (Node.js), Server: Packaging (OpenSSL), Monitoring: General (Spring Security), MySQL Workbench (libxml2), Monitoring: General (Spring Framework), Server: Compiling (cURL), Server: Compiling (Kerberos), Server: Windows, MySQL Workbench (OpenSSL), Server: Optimizer, Monitoring: General (OpenSSL), C API, Server: DML, Cluster: General, Connector/J, InnoDB, MySQL Workbench (SQLite), Monitoring: General (Apache Tomcat), Monitoring: General (Apache Commons IO), Server: Group Replication Plugin, Server: Options, Server: Error Handling, Server: FTS, Server: GIS, Server: PS, Server: Replication, Server: Security: Encryption, Server: Security: Privileges, Server: Stored Procedure, Server: Data Dictionary, Cluster: DB cluster/plugin DDL, Server: DDL, Server: Logging, Server: Security: Roles.

CVEs: CVE-2021-22931, CVE-2021-3711, CVE-2021-22112, CVE-2021-3518, CVE-2021-22118, CVE-2021-22926, CVE-2021-36222, CVE-2021-35583, CVE-2021-3712, CVE-2021-35610, CVE-2021-3712, CVE-2021-35597, CVE-2021-35607, CVE-2021-2481, CVE-2021-35590, CVE-2021-35592, CVE-2021-35593, CVE-2021-35594, CVE-2021-35598, CVE-2021-35621, CVE-2021-2471, CVE-2021-35604, CVE-2021-35612, CVE-2021-20227, CVE-2021-33037, CVE-2021-29425, CVE-2021-35608, CVE-2021-35602, CVE-2021-35577, CVE-2021-2478, CVE-2021-2479, CVE-2021-35537, CVE-2021-35591, CVE-2021-35596, CVE-2021-35648, CVE-2021-35631, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35629, CVE-2021-35575, CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35638, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647, CVE-2021-35630, CVE-2021-35637, CVE-2021-35546, CVE-2021-35622, CVE-2021-35624, CVE-2021-35639, CVE-2021-35632, CVE-2021-35584, CVE-2021-35613, CVE-2021-35640, CVE-2021-35633, CVE-2021-35625, CVE-2021-35623, CVE-2021-35618.

Oracle PeopleSoft

Products: PeopleSoft Enterprise PeopleTools, PeopleSoft Enterprise CC Common Application Objects, PeopleSoft Enterprise CS Campus Community, PeopleSoft Enterprise CS SA Integration Pack, PeopleSoft Enterprise CS Academic Advisement, PeopleSoft Enterprise CS Student Records, PeopleSoft Enterprise SCM.

Affected Components: nVision (XMLBeans), Activity Guide Composer, Cloud Manager (Apache Commons Compress), DPK (OpenSSL), SQR, Porting (urllib3), Business Interlink, Rich Text Editor, Notification Framework, Students Administration, Elastic Search (Apache PDFBox), nVision (Apache POI), Advising Notes, Class Search, Supplier Portal, Updates Change Assistant (Apache Commons IO), Updates Change Assistant (Apache HttpClient).

CVEs: CVE-2021-23926, CVE-2021-35543, CVE-2021-36090, CVE-2020-1967, CVE-2021-35609, CVE-2021-28363, CVE-2021-35595, CVE-2021-35568, CVE-2021-35606, CVE-2021-35601, CVE-2021-27906, CVE-2019-12415, CVE-2021-35571, CVE-2021-35553, CVE-2021-35541, CVE-2021-29425, CVE-2020-13956.

Oracle Retail Applications

Products: Oracle Retail Store Inventory Management, Oracle Retail Assortment Planning, Oracle Retail Merchandising System, Oracle Retail Predictive Application Server, Oracle Retail Customer Management and Segmentation Foundation, Oracle Retail Returns Management, Oracle Retail Back Office, Oracle Retail Central Office, Oracle Retail Advanced Inventory Planning, Oracle Retail Bulk Data Integration, Oracle Retail Extract Transform and Load, Oracle Retail Financial Integration, Oracle Retail Integration Bus, Oracle Retail Point-of-Service, Oracle Retail Service Backbone, Oracle Retail Store Inventory Management.

Affected Components: SIM Integration (JDBC), Plan (Spring Framework), Foundation (Spring Framework), RPAS Fusion Client (Spring Framework), Segment (Jackson-data-bind), Foundation (Jackson-data-bind), Foundation (Eclipse Mojarra), Return Tickets (Apache Ant), Employee (AntiSamy), Transaction Tracker (AntiSamy), Policy Evaluation (AntiSamy), Operations & Maintenance (Apache Ant), Employee (Apache Ant), BDI Job Scheduler (Apache Ant), Transaction Tracker (Apache Ant), Mathematical Operators (Apache Ant), EBS Integration Bugs (Apache Ant), RIB Kernal (Apache Ant), Foundation (Apache Ant), Pricing (Apache Ant), RPAS Server (Apache Ant), RSB Installation (Apache Ant), SIM Integration (Apache Ant), Segment (Apache Commons IO), Segment (Apache HTTPClient), Segment (Google Guava).

CVEs: CVE-2021-2351, CVE-2021-22118, CVE-2020-25649, CVE-2020-6950, CVE-2020-1945, CVE-2021-35043, CVE-2021-36374, CVE-2021-29425, CVE-2020-13956, CVE-2020-8908.

Oracle Siebel CRM

Products: Siebel Core – Automation, Siebel UI Framework, Siebel Apps – Marketing.

Affected Components: Test Automation (Eclipse Jetty), EAI (Apache Tomcat), EAI, SWSE (OpenSSL), Marketing (Apache Tomcat), Open UI (CKEditor), Marketing (Apache Log4j).

CVEs: CVE-2021-28165, CVE-2021-25122, CVE-2016-2183, CVE-2020-9484, CVE-2021-26272, CVE-2020-9488.

Oracle Supply Chain

Products: Oracle Autovue for Agile Product Lifecycle Management, Oracle Agile PLM, Oracle Transportation Management.

Affected Components: Autovue Viewer Integration (Eclipse Jetty), Autovue Viewer Integration (Jackson-data-bind), Security (Apache Groovy), UI Infrastructure, Authentication.

CVEs: CVE-2021-28165, CVE-2020-25649, CVE-2020-17521, CVE-2021-35616, CVE-2021-2476.

Oracle Systems

Products: Oracle ZFS Storage Appliance Kit, Oracle Solaris, Oracle Ethernet Switch ES2-64, Oracle Ethernet Switch ES2-72.
Affected Components: Operating System Image, Filesystem, Device drivers, Utility, Firmware (OpenSSL).
CVEs: CVE-2021-26691, CVE-2021-35539, CVE-2021-35589, CVE-2021-35549, CVE-2020-1968.

Oracle Utilities Applications

Products: Oracle Utilities Framework.
Affected Components: General (Apache Ant).
CVEs: CVE-2021-36374.

Oracle Virtualization

Products: Oracle VM VirtualBox, Oracle Secure Global Desktop.
Affected Components: Core, Server, Core (Apache Tomcat), Client.
CVEs: CVE-2021-35538, CVE-2021-35545, CVE-2021-35540, CVE-2021-35649, CVE-2021-33037, CVE-2021-35650, CVE-2021-35542, CVE-2021-2475.

SanerNow VM and SanerNow PM detect these vulnerabilities and automatically fix them by applying security updates. Use SanerNow to keep your systems updated and secure.
