Erman Arslan's Oracle Forum EBS 12.2

CVE-2022-21468

classic Classic list List threaded Threaded
5 messages Options
big
Reply | Threaded
Open this post in threaded view
|

CVE-2022-21468

big
Hi,

On R12.2.4 DB 11.2.0.4 on AIX

Where can I find the patches for CVE-2022-21468? I look for a document in which patch number is indicated and not only patch number.

In Document 2856621.1, Oracle E-Business Suite Release 12.2 Critical Patch Update Availability Document (April 2022)

There is nothing about that.

Thanks and regards.

PS: What is the method to find the patch for a vulnerability?
ErmanArslansOracleBlog
Reply | Threaded
Open this post in threaded view
|

Re: CVE-2022-21468

ErmanArslansOracleBlog
Administrator
Apply April 2022 CPU.  (Patch 33782739: ORACLE APPLICATIONS RELEASE 12.2: CPU PATCH FOR APR 2022)

Reference: Oracle E-Business Suite Release 12.2 Critical Patch Update Availability Document (April 2022) (Doc ID 2856621.1) & https://www.oracle.com/security-alerts/cpuapr2022.html
big
Reply | Threaded
Open this post in threaded view
|

Re: CVE-2022-21468

big
Thanks Erman.

How one can know that CVE-2022-21468 is adressed by Patch 33782739?

Best regards.
ErmanArslansOracleBlog
Reply | Threaded
Open this post in threaded view
|

Re: CVE-2022-21468

ErmanArslansOracleBlog
Administrator
I already sent you the documents.. Please read them.

See -> https://www.oracle.com/security-alerts/cpuapr2022.html
Section : Oracle E-Business Suite Risk Matrix

Oracle E-Business Suite products include Oracle Database and Oracle Fusion Middleware components that are affected by the vulnerabilities listed in the Oracle Database and Oracle Fusion Middleware sections. The exposure of Oracle E-Business Suite products is dependent on the Oracle Database and Oracle Fusion Middleware versions being used. Oracle Database and Oracle Fusion Middleware security updates are not listed in the Oracle E-Business Suite risk matrix. However, since vulnerabilities affecting Oracle Database and Oracle Fusion Middleware versions may affect Oracle E-Business Suite products, Oracle recommends that customers apply the April 2022 Critical Patch Update to the Oracle Database and Oracle Fusion Middleware components of Oracle E-Business Suite. For information on what patches need to be applied to your environments, refer to Oracle E-Business Suite Release 12 Critical Patch Update Knowledge Document (April 2022), My Oracle Support Note 2484000.1.

And there in the risk matrix we have that CVE...!
big
Reply | Threaded
Open this post in threaded view
|

Re: CVE-2022-21468

big
Yes, Thank you.

I was not patient enough to go down to Oracle E-Business Suite Risk Matrix section.

Best regards.
Free forum by Nabble Edit this page