
Oracle has released patches for the vulnerabilities persist in its product line as a part of January 2022 release. Whooping 497 updates has been released .
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Refer to “Critical Patch Updates, Security Alerts and Bulletins” for information about Oracle Security advisories.”
Oracle Statement
The CPU will address critical vulnerabilities in Oracle Essbase, Graph Server and Client, Secure Backup, Communications Applications, Communications, Construction and Engineering, Enterprise Manager, Financial Services Applications, Fusion Middleware, Insurance Applications, PeopleSoft, Support Tools, and Utilities Applications.
Some of the vulnerabilities addressed in this Critical Patch Update impacts multiple products. Oracle also urges its customers to apply Critical Patch Update patches as soon as possible due to the risk of exploitation of the addressed vulnerabilities.
The IT giant pointed out that many of these vulnerabilities can be exploited by remote attackers without authentication. The highest CVSS v3.1 Base Score (10.0) was assigned to vulnerabilities affecting Oracle Communications Applications. The company will also address flaws in Oracle Essbase having a CVSS v3.1 Base Score of 9.9.
High-severity flaws will be fixed in Airlines Data Model, Big Data Graph, Communications Data Model, Commerce, Food and Beverage Applications, E-Business Suite, GoldenGate, Health Sciences Applications, HealthCare Applications, Hospitality Applications, Hyperion, iLearning, JD Edwards, MySQL, Policy Automation, Retail Applications, REST Data Services, Siebel CRM, Supply Chain, Systems, Spatial Studio, and TimesTen In-Memory.
Affected Products and Versions | Patch Availability Document |
Agile Product Lifecycle Management Integration Pack for Oracle E-Business Suite, version 3.6 | Oracle Supply Chain Products |
Application Performance Management, versions 13.4.1.0, 13.5.1.0 | Enterprise Manager |
Big Data Spatial and Graph, versions prior to 23.1 | Database |
Enterprise Manager Base Platform, versions 13.4.0.0, 13.5.0.0 | Enterprise Manager |
Enterprise Manager Ops Center, version 12.4.0.0 | Enterprise Manager |
Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers, versions prior to XCP2410, prior to XCP3110 | Systems |
Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3 | Oracle Construction and Engineering Suite |
JD Edwards EnterpriseOne Tools, versions prior to 9.2.6.1 | JD Edwards |
MySQL Cluster, versions 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, 8.0.27 and prior | MySQL |
MySQL Connectors, versions 8.0.27 and prior | MySQL |
MySQL Server, versions 5.7.36 and prior, 8.0.27 and prior | MySQL |
MySQL Workbench, versions 8.0.27 and prior | MySQL |
Oracle Access Manager, versions 11.1.2.3.0, 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
Oracle Agile Engineering Data Management, version 6.2.1.0 | Oracle Supply Chain Products |
Oracle Agile PLM, versions 9.3.3, 9.3.6 | Oracle Supply Chain Products |
Oracle Agile PLM MCAD Connector, versions 3.4, 3.6 | Oracle Supply Chain Products |
Oracle Airlines Data Model, versions 12.1.1.0.0, 12.2.0.1.0 | Oracle Airlines Data Model |
Oracle Application Express, versions prior to 21.1.4 | Database |
Oracle Application Testing Suite, version 13.3.0.1 | Enterprise Manager |
Oracle Argus Analytics, versions 8.2.1, 8.2.2, 8.2.3 | Health Sciences |
Oracle Argus Insight, versions 8.2.1, 8.2.2, 8.2.3 | Health Sciences |
Oracle Argus Mart, versions 8.2.1, 8.2.2, 8.2.3 | Health Sciences |
Oracle Argus Safety, versions 8.2.1, 8.2.2, 8.2.3 | Health Sciences |
Oracle Banking APIs, versions 18.1-18.3, 19.1, 19.2, 20.1, 21.1 | Contact Support |
Oracle Banking Deposits and Lines of Credit Servicing, version 2.12.0 | Contact Support |
Oracle Banking Digital Experience, versions 17.2, 18.1-18.3, 19.1, 19.2, 20.1, 21.1 | Contact Support |
Oracle Banking Enterprise Default Management, versions 2.3.0-2.4.1, 2.6.2, 2.7.0, 2.7.1, 2.10.0, 2.12.0 | Oracle Banking Platform |
Oracle Banking Loans Servicing, version 2.12.0 | Contact Support |
Oracle Banking Party Management, version 2.7.0 | Oracle Banking Platform |
Oracle Banking Platform, versions 2.3.0-2.4.1, 2.6.2, 2.7.0, 2.7.1 | Oracle Banking Platform |
Oracle BI Publisher, versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
Oracle Business Activity Monitoring, versions 12.2.1.4.0, 12.2.1.5.0 | Fusion Middleware |
Oracle Business Intelligence Enterprise Edition, versions 5.5.0.0.0, 5.9.0.0.0, 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
Oracle Business Process Management Suite, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
Oracle Clinical, versions 5.2.1, 5.2.2 | Health Sciences |
Oracle Commerce Guided Search, version 11.3.2 | Oracle Commerce |
Oracle Commerce Platform, versions 11.3.0, 11.3.1, 11.3.2 | Oracle Commerce |
Oracle Communications Billing and Revenue Management, versions 12.0.0.3, 12.0.0.4 | Oracle Communications Billing and Revenue Management |
Oracle Communications BRM – Elastic Charging Engine, versions 11.3, 12.0 | Oracle Communications BRM – Elastic Charging Engine |
Oracle Communications Calendar Server, version 8.0.0.5.0 | Oracle Communications Calendar Server |
Oracle Communications Cloud Native Core Automated Test Suite, version 1.8.0 | Oracle Communications Cloud Native Core Automated Test Suite |
Oracle Communications Cloud Native Core Binding Support Function, versions 1.9.0, 1.10.0 | Oracle Communications Cloud Native Core Binding Support Function |
Oracle Communications Cloud Native Core Console, version 1.7.0 | Communications Cloud Native Core Console |
Oracle Communications Cloud Native Core Network Function Cloud Native Environment, version 1.9.0 | Oracle Communications Cloud Native Core Network Function Cloud Native Environment |
Oracle Communications Cloud Native Core Network Repository Function, version 1.14.0 | Oracle Communications Cloud Native Core Network Repository Function |
Oracle Communications Cloud Native Core Policy, version 1.14.0 | Communications Cloud Native Core Policy |
Oracle Communications Cloud Native Core Security Edge Protection Proxy, versions 1.5.0, 1.6.0, 1.15.0 | Communications Cloud Native Core Security Edge Protection Proxy |
Oracle Communications Cloud Native Core Service Communication Proxy, version 1.14.0 | Communications Cloud Native Core Service Communication Proxy |
Oracle Communications Cloud Native Core Unified Data Repository, version 1.14.0 | Communications Cloud Native Core Unified Data Repository |
Oracle Communications Contacts Server, version 8.0.0.3.0 | Oracle Communications Contacts Server |
Oracle Communications Convergence, version 3.0.2.2.0 | Oracle Communications Convergence |
Oracle Communications Convergent Charging Controller, versions 6.0.1.0.0, 12.0.1.0.0-12.0.4.0.0 | Oracle Communications Convergent Charging Controller |
Oracle Communications Data Model, versions 11.3.2.1.0, 11.3.2.2.0, 11.3.2.3.0, 12.1.0.1.0, 12.1.2.0.0 | Oracle Communications Data Model |
Oracle Communications Design Studio, versions 7.3.4, 7.3.5, 7.4.0, 7.4.1, 7.4.2 | Oracle Communications Design Studio |
Oracle Communications Diameter Signaling Router, versions 8.0.0.0-8.5.1.0 | Oracle Communications Diameter Signaling Router |
Oracle Communications EAGLE Application Processor, versions 16.1-16.4 | Oracle Communications EAGLE Application Processor |
Oracle Communications Instant Messaging Server, version 10.0.1.5.0 | Oracle Communications Instant Messaging Server |
Oracle Communications Interactive Session Recorder, versions 6.3, 6.4 | Oracle Communications Interactive Session Recorder |
Oracle Communications Messaging Server, version 8.1 | Oracle Communications Messaging Server |
Oracle Communications Network Charging and Control, versions 6.0.1.0.0, 12.0.1.0.0-12.0.4.0.0 | Oracle Communications Network Charging and Control |
Oracle Communications Network Integrity, versions 7.3.5, 7.3.6 | Oracle Communications Network Integrity |
Oracle Communications Offline Mediation Controller, version 12.0.0.3 | Oracle Communications Offline Mediation Controller |
Oracle Communications Operations Monitor, versions 3.4, 4.2, 4.3, 4.4, 5.0 | Oracle Communications Operations Monitor |
Oracle Communications Pricing Design Center, versions 12.0.0.3.0, 12.0.0.4.0 | Oracle Communications Pricing Design Center |
Oracle Communications Service Broker, version 6.2 | Oracle Communications Service Broker |
Oracle Communications Services Gatekeeper, version 7.0 | Oracle Communications Services Gatekeeper |
Oracle Communications Session Border Controller, versions 8.2, 8.3, 8.4, 9.0 | Oracle Communications Session Border Controller |
Oracle Communications Unified Inventory Management, versions 7.3.0, 7.3.4, 7.3.5, 7.4.0, 7.4.1, 7.4.2, 7.5.0 | Oracle Communications Unified Inventory Management |
Oracle Communications WebRTC Session Controller, versions 7.2.0, 7.2.1 | Oracle Communications WebRTC Session Controller |
Oracle Data Integrator, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
Oracle Database Server, versions 12.1.0.2, 12.2.0.1, 19c, 21c | Database |
Oracle Demantra Demand Management, versions 12.2.6-12.2.11 | Oracle Supply Chain Products |
Oracle E-Business Suite, versions 12.2.3-12.2.11 | Oracle E-Business Suite |
Oracle Enterprise Communications Broker, version 3.3 | Oracle Enterprise Communications Broker |
Oracle Enterprise Data Quality, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
Oracle Enterprise Session Border Controller, versions 8.4, 9.0 | Oracle Enterprise Session Border Controller |
Oracle Essbase, versions prior to 11.1.2.4.47, prior to 21.3 | Database |
Oracle Essbase Administration Services, versions prior to 11.1.2.4.47 | Database |
Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.7-8.1.1 | Oracle Financial Services Analytical Applications Infrastructure |
Oracle Financial Services Behavior Detection Platform, versions 8.0.7, 8.0.8, 8.1.1 | Oracle Financial Services Behavior Detection Platform |
Oracle Financial Services Enterprise Case Management, versions 8.0.7, 8.0.8, 8.1.1 | Oracle Financial Services Enterprise Case Management |
Oracle Financial Services Foreign Account Tax Compliance Act Management, versions 8.0.7, 8.0.8, 8.1.1 | Contact Support |
Oracle Financial Services Model Management and Governance, versions 8.0.8-8.1.1 | Oracle Financial Services Model Management and Governance |
Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition, versions 8.0.7, 8.0.8 | Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition |
Oracle FLEXCUBE Investor Servicing, versions 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.4.0, 14.5.0 | Contact Support |
Oracle FLEXCUBE Private Banking, versions 12.0.0, 12.1.0 | Contact Support |
Oracle Fusion Middleware, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
Oracle Fusion Middleware MapViewer, version 12.2.1.4.0 | Fusion Middleware |
Oracle GoldenGate, versions prior to 12.3.0.1, prior to 19.1.0.0.220118, prior to 21.4.0.0.0, prior to 21.5.0.0.220118 | Database |
Oracle GraalVM Enterprise Edition, versions 20.3.4, 21.3.0 | Java SE |
Oracle Graph Server and Client, versions prior to 21.4 | Database |
Oracle Health Sciences Clinical Development Analytics, version 4.0.1 | Health Sciences |
Oracle Health Sciences InForm CRF Submit, version 6.2.1 | Health Sciences |
Oracle Health Sciences Information Manager, versions 3.0.2, 3.0.3 | HealthCare Applications |
Oracle Healthcare Data Repository, versions 7.0.2, 8.1.0, 8.1.1 | HealthCare Applications |
Oracle Healthcare Foundation, versions 7.3.0.0-7.3.0.2, 8.0.0-8.0.2, 8.1.0-8.1.1 | HealthCare Applications |
Oracle Healthcare Translational Research, version 4.1.0 | HealthCare Applications |
Oracle Hospitality Cruise Shipboard Property Management System, version 20.1.0 | Oracle Hospitality Cruise Shipboard Property Management System |
Oracle Hospitality OPERA 5, version 5.6 | Oracle Hospitality OPERA 5 Property Services |
Oracle Hospitality Reporting and Analytics, version 9.1.0 | Oracle Hospitality Reporting and Analytics |
Oracle Hospitality Suite8, versions 8.10.2, 8.11.0, 8.12.0, 8.13.0, 8.14.0 | Oracle Hospitality Suite8 |
Oracle HTTP Server, versions 12.2.1.3.0, 12.2.1.4.0, 12.2.1.5.0 | Fusion Middleware |
Oracle Hyperion Infrastructure Technology, version 11.2.7.0 | Fusion Middleware |
Oracle iLearning, versions 6.2, 6.3 | iLearning |
Oracle Insurance Data Gateway, versions 11.0.2, 11.1.0, 11.2.7, 11.3.0, 11.3.1 | Oracle Insurance Applications |
Oracle Insurance Insbridge Rating and Underwriting, versions 5.2.0, 5.4.0-5.6.0 | Oracle Insurance Applications |
Oracle Insurance Policy Administration, versions 11.0.2, 11.1.0, 11.2.7, 11.3.0, 11.3.1 | Oracle Insurance Applications |
Oracle Insurance Policy Administration J2EE, versions 10.2.0, 10.2.4, 11.0.2, 11.1.0-11.3.0 | Oracle Insurance Applications |
Oracle Insurance Rules Palette, versions 10.2.0, 10.2.4, 11.0.2, 11.1.0-11.3.0, 11.3.1 | Oracle Insurance Applications |
Oracle Java SE, versions 7u321, 8u311, 11.0.13, 17.1 | Java SE |
Oracle Managed File Transfer, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
Oracle NoSQL Database, versions prior to 21.1.12 | NoSQL Database |
Oracle Policy Automation, versions 12.2.0-12.2.24 | Oracle Policy Automation |
Oracle Product Lifecycle Analytics, version 3.6.1 | Oracle Supply Chain Products |
Oracle Rapid Planning, versions 12.2.6-12.2.11 | Oracle Supply Chain Products |
Oracle Real User Experience Insight, versions 13.4.1.0, 13.5.1.0 | Enterprise Manager |
Oracle REST Data Services, versions prior to 21.2.4 | Database |
Oracle Retail Allocation, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1 | Retail Applications |
Oracle Retail Analytics, version 21.0.1 | Retail Applications |
Oracle Retail Assortment Planning, version 16.0.3 | Retail Applications |
Oracle Retail Back Office, version 14.1 | Retail Applications |
Oracle Retail Central Office, version 14.1 | Retail Applications |
Oracle Retail Customer Insights, version 21.0.1 | Retail Applications |
Oracle Retail Customer Management and Segmentation Foundation, versions 16.0-19.0 | Retail Applications |
Oracle Retail EFTLink, versions 16.0.3, 17.0.2, 18.0.1, 19.0.1, 20.0.1 | Retail Applications |
Oracle Retail Extract Transform and Load, version 13.2.8 | Retail Applications |
Oracle Retail Financial Integration, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1 | Retail Applications |
Oracle Retail Fiscal Management, version 14.2 | Retail Applications |
Oracle Retail Integration Bus, versions 14.1.3.0, 14.1.3.2, 15.0.3.1, 16.0.1-16.0.3, 19.0.0, 19.0.1 | Retail Applications |
Oracle Retail Invoice Matching, versions 15.0.3, 16.0.3 | Retail Applications |
Oracle Retail Merchandising System, version 19.0.1 | Retail Applications |
Oracle Retail Order Broker, versions 16.0, 18.0, 19.1 | Retail Applications |
Oracle Retail Order Management System, version 19.5 | Retail Applications |
Oracle Retail Point-of-Service, version 14.1 | Retail Applications |
Oracle Retail Predictive Application Server, versions 14.1.3, 14.1.3.46, 15.0.3, 15.0.3.115, 16.0.3, 16.0.3.240 | Retail Applications |
Oracle Retail Price Management, versions 13.2, 14.0.4, 14.1, 14.1.3, 15, 15.0.3, 16, 16.0.3 | Retail Applications |
Oracle Retail Returns Management, version 14.1 | Retail Applications |
Oracle Retail Service Backbone, versions 14.1.3.0, 14.1.3.2, 15.0.3.1, 16.0.1-16.0.3, 19.0.0, 19.0.1 | Retail Applications |
Oracle Retail Size Profile Optimization, version 16.0.3 | Retail Applications |
Oracle Retail Xstore Point of Service, versions 17.0.4, 18.0.3, 19.0.2, 20.0.1 | Retail Applications |
Oracle SD-WAN Aware, version 8.2 | Oracle SD-WAN Aware |
Oracle SD-WAN Edge, versions 9.0, 9.1 | Oracle SD-WAN Edge |
Oracle Secure Backup, versions prior to 18.1.0.1.0 | Oracle Secure Backup |
Oracle Solaris, versions 10, 11 | Systems |
Oracle Spatial Studio, versions prior to 21.2.1 | Database |
Oracle Thesaurus Management System, versions 5.2.3, 5.3.0, 5.3.1 | Health Sciences |
Oracle TimesTen In-Memory Database, versions prior to 11.2.2.8.27, prior to 21.1.1.1.0 | Database |
Oracle Utilities Framework, versions 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0 | Oracle Utilities Applications |
Oracle Utilities Testing Accelerator, versions 6.0.0.1.1, 6.0.0.2.2, 6.0.0.3.1 | Oracle Utilities Applications |
Oracle VM VirtualBox, versions prior to 6.1.32 | Virtualization |
Oracle WebCenter Portal, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
Oracle WebLogic Server, versions 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | Fusion Middleware |
Oracle ZFS Storage Appliance Kit, version 8.8 | Systems |
Oracle ZFS Storage Application Integration Engineering Software, version 1.3.3 | Systems |
OSS Support Tools, versions prior to 2.12.42 | Oracle Support Tools |
PeopleSoft Enterprise CS SA Integration Pack, versions 9.0, 9.2 | PeopleSoft |
PeopleSoft Enterprise PeopleTools, versions 8.57, 8.58, 8.59 | PeopleSoft |
Primavera Analytics, versions 18.8.3.3, 19.12.11.1, 20.12.12.0 | Oracle Construction and Engineering Suite |
Primavera Data Warehouse, versions 18.8.3.3, 19.12.11.1, 20.12.12.0 | Oracle Construction and Engineering Suite |
Primavera Gateway, versions 17.12.0-17.12.11, 18.8.0-18.8.13, 19.12.0-19.12.12, 20.12.0-20.12.7, 21.12.0 | Oracle Construction and Engineering Suite |
Primavera P6 Enterprise Project Portfolio Management, versions 17.12.0.0-17.12.20.0, 18.8.0.0-18.8.24.0, 19.12.0.0-19.12.18.0, 20.12.0.0-20.12.12.0, 21.12.0.0 | Oracle Construction and Engineering Suite |
Primavera P6 Professional Project Management, versions 17.12.0.0-17.12.20.0, 18.8.0.0-18.8.24.0, 19.12.0.0-19.12.17.0, 20.12.0.0-20.12.9.0 | Oracle Construction and Engineering Suite |
Primavera Portfolio Management, versions 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2, 20.0.0.0, 20.0.0.1 | Oracle Construction and Engineering Suite |
Primavera Unifier, versions 17.7-17.12, 18.8, 19.12, 20.12, 21.12 | Oracle Construction and Engineering Suite |
Siebel Applications, versions 21.11 and prior | Siebel |