MyCERT Advisories


MyCERT Advisories, Alerts and Summaries for the year 2017

MA-655.042017: MyCERT Advisory – Oracle Releases Security Bulletin for April 2017

Date first published: 25/4/2017


1.0 Introduction
Oracle has released its Critical Patch Update for April 2017 to address 299 vulnerabilities across multiple products.


2.0 Impact
Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.


3.0 Affected Products
 Oracle Database Server, version(s) 11.2.0.4, 12.1.0.2

 Oracle Secure Backup, version(s) prior to 12.1.0.3.0

 Oracle Berkeley DB, version(s) prior to 6.2.32

 Oracle API Gateway, version(s) 11.1.2.4.0

 Oracle Fusion Middleware, version(s) 11.1.1.7, 11.1.1.9, 11.1.2.2, 11.1.2.3, 12.1.3.0, 12.2.1.0, 12.2.1.1

 Oracle Fusion Middleware MapViewer, version(s) 11.1.1.9, 12.2.1.1, 12.2.1.2

 Oracle GlassFish Server, version(s) 3.1.2

 Oracle Identity Manager, version(s) 11.1.2.3.0

 Oracle Service Bus, version(s) 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0, 12.2.1.2.0

 Oracle Social Network, version(s) prior to 11.1.12.0.0 (17019101)

 Oracle WebCenter Content, version(s) 11.1.1.7, 11.1.1.9, 12.2.1.0, 12.2.1.1, 12.2.1.2

 Oracle WebCenter Sites, version(s) 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0, 12.2.1.2.0

 Oracle WebLogic Server, version(s) 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1, 12.2.1.2

 Oracle Hyperion Essbase, version(s) 11.1.2.2

 Enterprise Manager Base Platform, version(s) 12.1.0, 13.1.0, 13.2.0

 Oracle E-Business Suite, version(s) 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6

 Oracle Transportation Manager, version(s) 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.0, 6.4.1, 6.4.2

 PeopleSoft Enterprise CS Campus Community, version(s) 9.2

 PeopleSoft Enterprise FIN Receivables, version(s) 9.2

 PeopleSoft Enterprise FSCM, version(s) 9.1

 PeopleSoft Enterprise PeopleTools, version(s) 8.54, 8.55

 PeopleSoft Enterprise SCM eBill Payment, version(s) 9.2

 PeopleSoft Enterprise SCM eSupplier Connection, version(s) 9.2

 PeopleSoft Enterprise SCM Purchasing, version(s) 9.2

 PeopleSoft Enterprise SCM Service Procurement, version(s) 9.2

 PeopleSoft Enterprise SCM Strategic Sourcing, version(s) 9.2

 JD Edwards EnterpriseOne Tools, version(s) 9.2

 Siebel Applications, version(s) 6.1, 6.2, 7.0, 7.1

 Oracle Commerce Guided Search / Oracle Commerce Experience Manager, version(s) 6.1.4, 6.2.2, 6.3.0, 6.4.1.2, 6.5.0, 6.5.1, 6.5.2, 11.0, 11.1, 11.2

 Oracle Fusion Applications, version(s) 11.1.2 through 11.1.9

 Oracle Communications ASAP, version(s) 7.0, 7.2, 7.3

 Oracle Communications Network Integrity, version(s) 7.2.4, 7.3.0

 Oracle Communications Policy Management, version(s) 12.2

 Oracle Communications Security Gateway, version(s) 3.0.0

 Oracle Communications Service Broker Engineered System Edition, version(s) 6.0, 6.1

 Oracle Communications Session Border Controller, version(s) SCZ7.3.0, SCZ7.4.0

 Oracle Financial Services Analytical Applications Infrastructure, version(s) 7.3.3, 7.3.4, 7.3.5

 Oracle Financial Services Asset Liability Management, version(s) 6.0.0, 6.1.0, 6.1.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4

 Oracle Financial Services Basel Regulatory Capital Basic, version(s) 6.1.2, 6.1.3, 8.0.2, 8.0.3

 Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach, version(s) 6.1.2, 6.1.3, 8.0.2, 8.0.3

 Oracle Financial Services Data Foundation, version(s) 8.0.1, 8.0.2, 8.0.3, 8.0.4

 Oracle Financial Services Data Integration Hub, version(s) 8.0.1, 8.0.2, 8.0.3, 8.0.4

 Oracle Financial Services Enterprise Financial Performance Analytics, version(s) 8.0.0 to 8.0.4

 Oracle Financial Services Funds Transfer Pricing, version(s) 6.0.0, 6.1.0, 6.1.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4

 Oracle Financial Services Hedge Management and IFRS Valuations, version(s) 6.1.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4

 Oracle Financial Services Institutional Performance Analytics, version(s) 8.0.0 to 8.0.4

 Oracle Financial Services Liquidity Risk Management, version(s) 8.0.1, 8.0.2, 8.0.4

 Oracle Financial Services Loan Loss Forecasting and Provisioning, version(s) 1.5.0, 1.5.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4

 Oracle Financial Services Pricing Management/Transfer Pricing Component, version(s) 8.0.0 to 8.0.4

 Oracle Financial Services Profitability Management, version(s) 6.0.0, 6.1.0, 6.1.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4

 Oracle Financial Services Reconciliation Framework, version(s) 8.0.0, 8.0.1, 8.0.2

 Oracle Financial Services Retail Customer Analytics, version(s) 8.0.0 to 8.0.3

 Oracle Financial Services Retail Performance Analytics, version(s) 8.0.0 to 8.0.4

 Oracle FLEXCUBE Direct Banking, version(s) 12.0.2, 12.0.3

 Oracle FLEXCUBE Enterprise Limits and Collateral Management, version(s) 12.0.0, 12.0.1, 12.1.0

 Oracle FLEXCUBE Investor Servicing, version(s) 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0, 12.3.0

 Oracle FLEXCUBE Private Banking, version(s) 2.0.0, 2.0.1, 2.2.0.1, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0

 Oracle FLEXCUBE Universal Banking, version(s) 11.3.0, 11.4.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0

 Oracle Insurance Data Foundation, version(s) 8.0.1, 8.0.2, 8.0.3, 8.0.4

 Oracle Healthcare Master Person Index, version(s) 3.0.0.x and 4.0.1.x, prior to and 2.0.1.x

 Oracle Hospitality OPERA 5 Property Services, version(s) 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x, 5.5.1.x

 Oracle Insurance Istream, version(s) 4.3.2 and prior

 MICROS Lucas, version(s) 2.9.5.1, 2.9.5.2, 2.9.5.3, 2.9.5.4, 2.9.5.5

 MICROS Relate CRM Software, version(s) 10.0, 10.5, 10.8, 11.0, 11.1, 11.4, 15.0

 MICROS XBR, version(s) 10.0.1, 10.5.0, 10.6.0, 10.7.7, 10.8.0, 10.8.1

 MICROS Xstore Payment, version(s) 5.5, 6.0, 6.5, 7.0, 7.1, 15.0, 16.0

 Oracle Retail Advanced Inventory Planning, version(s) 14.1, 15.0

 Oracle Retail Advanced Science Engine, version(s) 14.1

 Oracle Retail Analytic Parameter Calculator - RO, version(s) 15.0

 Oracle Retail Analytics, version(s) 14.0, 14.1, 15.0, 16.0

 Oracle Retail Assortment Planning, version(s) 14.1.3, 15.0.1, 16.0.0

 Oracle Retail Back Office, version(s) 14.1

 Oracle Retail Category Management, version(s) 13.2, 13.3, 14.0, 14.1

 Oracle Retail Category Management Planning & Optimization, version(s) 15.0

 Oracle Retail Customer Insights, version(s) 15.0

 Oracle Retail Customer Management and Segmentation Foundation, version(s) 15.0

 Oracle Retail Demand Forecasting, version(s) 14.1.3, 15.0.2

 Oracle Retail Invoice Matching, version(s) 12.0, 13.0, 13.1, 13.2, 14.0, 14.1

 Oracle Retail Item Planning, version(s) 14.1.3, 15.0.2

 Oracle Retail Macro Space Optimization, version(s) 15.0.2

 Oracle Retail Merchandise Financial Planning, version(s) 14.1.3, 15.0.2

 Oracle Retail Merchandising Insights, version(s) 15.0

 Oracle Retail Open Commerce Platform, version(s) 4.0, 5.0, 5.1, 5.3, 6.0, 6.1, 15.0, 16.0

 Oracle Retail Order Broker, version(s) 5.1, 5.2, 15.0, 16.0

 Oracle Retail Point-of-Service, version(s) 14.1.3

 Oracle Retail Predictive Application Server, version(s) 13.1, 13.2, 13.3, 13.3.3, 13.4, 13.4.3, 14.0, 14.0.3, 14.1, 14.1.3, 15.0, 15.0.2, 16.0.0

 Oracle Retail Regular Price Optimization, version(s) 14.1.3, 15.0.2

 Oracle Retail Replenishment Optimization, version(s) 14.1.3, 15.0.2

 Oracle Retail Returns Management, version(s) 14.1

 Oracle Retail Size Profile Optimization, version(s) 14.1.3, 15.0.2

 Oracle Retail Store Inventory, version(s) 14.1, 15.0, 16.0

 Oracle Retail Warehouse Management System, version(s) 13.2, 14.0, 15.0

 Oracle Retail XBRi Loss Prevention, version(s) 10.0.1, 10.5.0, 10.6.0, 10.7.0, 10.8.0, 10.8.1

 Oracle Retail Xstore Point of Service, version(s) 5.5, 6.0, 6.5, 7.0, 7.1, 15.0, 16.0

 Oracle Real-Time Scheduler, version(s) 2.2.0.3.13, 2.3.0.0, 2.3.0.1

 Oracle Utilities Customer Self Service, version(s) 2.1.0.2.0

 Oracle Utilities Framework, version(s) 2.2.0.0.0, 4.1.0.1.0, 4.1.0.2.0, 4.2.0.1.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0, 4.3.0.2.0, 4.3.0.3.0

 Oracle Utilities Work and Asset Management, version(s) 1.9.1.2.11

 Primavera Gateway, version(s) 1.0, 1.1, 14.2, 15.1, 15.2, 16.1, 16.2

 Primavera P6 Enterprise Project Portfolio Management, version(s) 8.3, 8.4, 15.1, 15.2, 16.1, 16.2

 Primavera Unifier, version(s) 9.13, 9.14, 10.0, 10.1, 15.1, 15.2

 Oracle Java SE, version(s) 6u141, 7u131, 8u121

 Oracle Java SE Embedded, version(s) 8u121

 Oracle JRockit, version(s) R28.3.13

 Oracle SuperCluster Specific Software, version(s) 2.3.8, 2.3.13

 Solaris, version(s) 10, 11.3, None

 Solaris Cluster, version(s) 4.3

 StorageTek Tape Analytics SW Tool, version(s) prior to 2.2.1

 Sun ZFS Storage Appliance Kit (AK), version(s) AK 2013

 Oracle VM VirtualBox, version(s) prior to 5.0.38, prior to 5.1.20

 Secure Global Desktop, version(s) 4.71, 5.2, 5.3

 MySQL Cluster, version(s) 7.2.27 and prior, 7.3.16 and prior, 7.4.14 and prior, 7.5.5 and prior

 MySQL Connectors, version(s) 2.1.5 and prior, 5.1.41 and prior

 MySQL Enterprise Backup, version(s) 3.12.3 and prior, 4.0.3 and prior

 MySQL Enterprise Monitor, version(s) 3.1.6.8003 and prior, 3.2.1182 and prior, 3.3.2.1162 and prior

 MySQL Server, version(s) 5.5.54 and prior, 5.6.35 and prior, 5.7.17 and prior, 5.7.11 to 5.7.17

 MySQL Workbench, version(s) 6.3.8 and prior

 Automatic Service Request (ASR), version(s) prior to 5.7

 Oracle Advanced Support Gateway, version(s) prior to 7.2

 Oracle Trace File Analyzer (TFA), version(s) prior to 12.1.2.8.4

 OSS Support Tools, version(s) prior to RDA 8.15.17.3.14


4.0 Recommendations
Users and administrators are advised to refer to the URL provided below for Oracle’s advisories and links to software patches:


Generally, MyCERT advises users of this software to keep up to date with the vendor's latest security announcements and to follow best practices and security policies when determining which updates should be in place.


For further enquiries, please contact MyCERT through the following channels:

Phone: 1-300-88-2999 (monitored during business hours)

Fax: +603 89453442 

Mobile: +60 19 2665850 (24x7 call incident reporting)

SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888

Business Hours: Mon - Fri 09:00 AM - 18:00 PM MYT

Cyber999 Mobile Apps: iOS Users or Android Users


5.0 References