Oracle has released its Critical Patch Update (CPU) for the month of January 2022. This CPU contains fixes for 266 CVEs in 497 security updates spanning 39 Oracle product families.
Among the vulnerabilities addressed in this CPU, more than half can be remotely exploited without authentication. Additionally, it addresses CVE-2021-44228 and CVE-2021-45046 (an Apache Log4j related vulnerability) across multiple products. In various Oracle products, this update mitigates critical, high, medium and low severity vulnerabilities.
Some notable products that are patched in Jan 2022 update includes- Oracle’s Communications(with highest number of patches) , MySQL, Financial Services Applications ,Retail Applications, Fusion Middleware , Construction and Engineering, PeopleSoft, Utilities Applications , Supply Chain, E-Business Suite, Health Sciences Applications, Insurance Applications, Enterprise Manager , and Commerce.
| CVE/Vulnerability | Affected Products and Versions |
Multiple | Oracle Application Express, versions prior to 21.1.4 |
Multiple | Oracle Application Testing Suite, version 13.3.0.1 |
Multiple | Oracle Argus Analytics, versions 8.2.1, 8.2.2, 8.2.3 |
Multiple | Oracle Argus Insight, versions 8.2.1, 8.2.2, 8.2.3 |
Multiple | Oracle Argus Mart, versions 8.2.1, 8.2.2, 8.2.3 |
Multiple | Oracle Argus Safety, versions 8.2.1, 8.2.2, 8.2.3 |
Multiple | Oracle Banking APIs, versions 18.1-18.3, 19.1, 19.2, 20.1, 21.1 |
Multiple | Oracle Banking Deposits and Lines of Credit Servicing, version 2.12.0 |
Multiple | Oracle Banking Digital Experience, versions 17.2, 18.1-18.3, 19.1, 19.2, 20.1, 21.1 |
Multiple | Oracle Banking Enterprise Default Management, versions 2.3.0-2.4.1, 2.6.2, 2.7.0, 2.7.1, 2.10.0, 2.12.0 |
Multiple | Oracle Banking Loans Servicing, version 2.12.0 |
Multiple | Oracle Banking Party Management, version 2.7.0 |
Multiple | Oracle Banking Platform, versions 2.3.0-2.4.1, 2.6.2, 2.7.0, 2.7.1 |
Multiple | Oracle BI Publisher, versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 |
Multiple | Oracle Business Activity Monitoring, versions 12.2.1.4.0, 12.2.1.5.0 |
Multiple | Oracle Business Intelligence Enterprise Edition, versions 5.5.0.0.0, 5.9.0.0.0, 12.2.1.3.0, 12.2.1.4.0 |
Multiple | Oracle Business Process Management Suite, versions 12.2.1.3.0, 12.2.1.4.0 |
Multiple | Oracle Clinical, versions 5.2.1, 5.2.2 |
Multiple | Oracle Commerce Guided Search, version 11.3.2 |
Multiple | Oracle Commerce Platform, versions 11.3.0, 11.3.1, 11.3.2 |
Multiple | Oracle Communications Billing and Revenue Management, versions 12.0.0.3, 12.0.0.4 |
Multiple | Oracle Communications BRM - Elastic Charging Engine, versions 11.3, 12.0 |
Multiple | Oracle Communications Calendar Server, version 8.0.0.5.0 |
Multiple | Oracle Communications Cloud Native Core Automated Test Suite, version 1.8.0 |
Multiple | Oracle Communications Cloud Native Core Binding Support Function, versions 1.9.0, 1.10.0 |
Multiple | Oracle Communications Cloud Native Core Console, version 1.7.0 |
Multiple | Oracle Communications Cloud Native Core Network Function Cloud Native Environment, version 1.9.0 |
Multiple | Oracle Communications Cloud Native Core Network Repository Function, version 1.14.0 |
Multiple | Oracle Communications Cloud Native Core Policy, version 1.14.0 |
Multiple | Oracle Communications Cloud Native Core Security Edge Protection Proxy, versions 1.5.0, 1.6.0, 1.15.0 |
Multiple | Oracle Communications Cloud Native Core Service Communication Proxy, version 1.14.0 |
Multiple | Oracle Communications Cloud Native Core Unified Data Repository, version 1.14.0 |
Multiple | Oracle Communications Contacts Server, version 8.0.0.3.0 |
Multiple | Oracle Communications Convergence, version 3.0.2.2.0 |
Multiple | Oracle Communications Convergent Charging Controller, versions 6.0.1.0.0, 12.0.1.0.0-12.0.4.0.0 |
Multiple | Oracle Communications Data Model, versions 11.3.2.1.0, 11.3.2.2.0, 11.3.2.3.0, 12.1.0.1.0, 12.1.2.0.0 |
Multiple | Oracle Health Sciences Clinical Development Analytics, version 4.0.1 |
Multiple | Oracle Health Sciences InForm CRF Submit, version 6.2.1 |
Multiple | Oracle Health Sciences Information Manager, versions 3.0.2, 3.0.3 |
Multiple | Oracle Healthcare Data Repository, versions 7.0.2, 8.1.0, 8.1.1 |
Multiple | Oracle Healthcare Foundation, versions 7.3.0.0-7.3.0.2, 8.0.0-8.0.2, 8.1.0-8.1.1 |
Multiple | Oracle Healthcare Translational Research, version 4.1.0 |
Multiple | Oracle Hospitality Cruise Shipboard Property Management System, version 20.1.0 |
Multiple | Oracle Hospitality OPERA 5, version 5.6 |
Multiple | Oracle Hospitality Reporting and Analytics, version 9.1.0 |
Multiple | Oracle Hospitality Suite8, versions 8.10.2, 8.11.0, 8.12.0, 8.13.0, 8.14.0 |
Multiple | Oracle HTTP Server, versions 12.2.1.3.0, 12.2.1.4.0, 12.2.1.5.0 |
Multiple | Oracle Hyperion Infrastructure Technology, version 11.2.7.0 |
Multiple | Oracle iLearning, versions 6.2, 6.3 |
Multiple | Oracle Insurance Data Gateway, versions 11.0.2, 11.1.0, 11.2.7, 11.3.0, 11.3.1 |
Multiple | Oracle Insurance Insbridge Rating and Underwriting, versions 5.2.0, 5.4.0-5.6.0 |
Multiple | Oracle Insurance Policy Administration, versions 11.0.2, 11.1.0, 11.2.7, 11.3.0, 11.3.1 |
Multiple | Oracle Insurance Policy Administration J2EE, versions 10.2.0, 10.2.4, 11.0.2, 11.1.0-11.3.0 |
Multiple | Oracle Insurance Rules Palette, versions 10.2.0, 10.2.4, 11.0.2, 11.1.0-11.3.0, 11.3.1 |
Multiple | Oracle Java SE, versions 7u321, 8u311, 11.0.13, 17.1 |
Multiple | Oracle Managed File Transfer, versions 12.2.1.3.0, 12.2.1.4.0 |
Multiple | Oracle NoSQL Database, versions prior to 21.1.12 |
Multiple | Oracle Policy Automation, versions 12.2.0-12.2.24 |
Multiple | Oracle Product Lifecycle Analytics, version 3.6.1 |
Multiple | Oracle Rapid Planning, versions 12.2.6-12.2.11 |
Multiple | Oracle Real User Experience Insight, versions 13.4.1.0, 13.5.1.0 |
Multiple | Oracle REST Data Services, versions prior to 21.2.4 |
Multiple | Oracle Retail Allocation, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1 |
Multiple | Oracle Retail Analytics, version 21.0.1 |
Multiple | Oracle Retail Assortment Planning, version 16.0.3 |
Multiple | Oracle Retail Back Office, version 14.1 |
Multiple | Oracle Retail Central Office, version 14.1 |
Multiple | Oracle Retail Customer Insights, version 21.0.1 |
Multiple | Oracle Retail Customer Management and Segmentation Foundation, versions 16.0-19.0 |
Multiple | Oracle Retail EFTLink, versions 16.0.3, 17.0.2, 18.0.1, 19.0.1, 20.0.1 |
Multiple | Oracle Retail Extract Transform and Load, version 13.2.8 |
Multiple | Oracle Retail Financial Integration, versions 14.1.3.2, 15.0.3.1, 16.0.3, 19.0.1 |
Multiple | Oracle Retail Fiscal Management, version 14.2 |
Multiple | Oracle Retail Integration Bus, versions 14.1.3.0, 14.1.3.2, 15.0.3.1, 16.0.1-16.0.3, 19.0.0, 19.0.1 |
Multiple | Oracle Retail Invoice Matching, versions 15.0.3, 16.0.3 |
Multiple | Oracle Retail Merchandising System, version 19.0.1 |
Multiple | Oracle Retail Order Broker, versions 16.0, 18.0, 19.1 |
Multiple | Oracle Retail Order Management System, version 19.5 |
Multiple | Oracle Retail Point-of-Service, version 14.1 |
Multiple | Oracle Retail Predictive Application Server, versions 14.1.3, 14.1.3.46, 15.0.3, 15.0.3.115, 16.0.3, 16.0.3.240 |
Multiple | Oracle Retail Price Management, versions 13.2, 14.0.4, 14.1, 14.1.3, 15, 15.0.3, 16, 16.0.3 |
Multiple | Oracle Retail Returns Management, version 14.1 |
Multiple | Oracle Retail Service Backbone, versions 14.1.3.0, 14.1.3.2, 15.0.3.1, 16.0.1- 16.0.3, 19.0.0, 19.0.1 |
Multiple | Oracle Retail Size Profile Optimization, version 16.0.3 |
Multiple | Oracle Retail Xstore Point of Service, versions 17.0.4, 18.0.3, 19.0.2, 20.0.1 |
Multiple | Oracle SD-WAN Aware, version 8.2 |
Multiple | Oracle SD-WAN Edge, versions 9.0, 9.1 |
Multiple | Oracle Secure Backup, versions prior to 18.1.0.1.0 |
Multiple | Oracle Solaris, versions 10, 11 |
Multiple | Oracle Spatial Studio, versions prior to 21.2.1 |
Multiple | Oracle Thesaurus Management System, versions 5.2.3, 5.3.0, 5.3.1 |
Multiple | Oracle TimesTen In-Memory Database, versions prior to 11.2.2.8.27, prior to 21.1.1.1.0 |
Multiple | Oracle Utilities Framework, versions 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0 |
Multiple | Oracle Utilities Testing Accelerator, versions 6.0.0.1.1, 6.0.0.2.2, 6.0.0.3.1 |
Multiple | Oracle VM VirtualBox, versions prior to 6.1.32 |
Multiple | Oracle WebCenter Portal, versions 12.2.1.3.0, 12.2.1.4.0 |
Multiple | Oracle WebLogic Server, versions 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 |
Multiple | Oracle ZFS Storage Appliance Kit, version 8.8 |
Multiple | Oracle ZFS Storage Application Integration Engineering Software, version 1.3.3 |
Multiple | OSS Support Tools, versions prior to 2.12.42 |
Multiple | PeopleSoft Enterprise CS SA Integration Pack, versions 9.0, 9.2 |
Multiple | PeopleSoft Enterprise PeopleTools, versions 8.57, 8.58, 8.59 |
Multiple | Primavera Analytics, versions 18.8.3.3, 19.12.11.1, 20.12.12.0 |
Multiple | Primavera Data Warehouse, versions 18.8.3.3, 19.12.11.1, 20.12.12.0 |
Multiple | Primavera Gateway, versions 17.12.0-17.12.11, 18.8.0-18.8.13, 19.12.0-19.12.12, 20.12.0-20.12.7, 21.12.0 |
Multiple | Primavera P6 Enterprise Project Portfolio Management, versions 17.12.0.0- 17.12.20.0, 18.8.0.0-18.8.24.0, 19.12.0.0-19.12.18.0, 20.12.0.0-20.12.12.0, 21.12.0.0 |
Multiple | Primavera P6 Professional Project Management, versions 17.12.0.0-17.12.20.0, 18.8.0.0-18.8.24.0, 19.12.0.0-19.12.17.0, 20.12.0.0-20.12.9.0 |
Multiple | Primavera Portfolio Management, versions 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2, 20.0.0.0, 20.0.0.1 |
Multiple | Primavera Unifier, versions 17.7-17.12, 18.8, 19.12, 20.12, 21.12 |
Multiple | Siebel Applications, versions 21.12 and prior |
