PCA-X8- Engineered system - OEL 6.9


PCA-X8- Engineered system - OEL 6.9

Sheikh Rehan
We have vulnerabilities on Oracle MDM – V2.2.0.2.0 and WebLogic-v12.2.1
OEL - 6.9

I need your guidance on how to resolve these vulnerabilities.

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel

CVE-2015-8952, CVE-2016-3140, CVE-2016-3672, CVE-2016-3951, CVE-2016-7097, CVE-2016-7425, CVE-2016-8399, CVE-2016-8632, CVE-2016-8633, CVE-2016-8645, CVE-2016-9178, CVE-2016-9588, CVE-2016-9644, CVE-2016-9756, CVE-2016-10088, CVE-2016-10147, CVE-2017-2596, CVE-2017-2636, CVE-2017-5897, CVE-2017-5970, CVE-2017-6001, CVE-2017-6345, CVE-2017-7187

Oracle WebLogic Server Multiple Vulnerabilities
CVE-2015-7501, CVE-2016-3505, CVE-2016-3551, CVE-2016-5488, CVE-2016-5531, CVE-2016-5535, CVE-2016-5601

Thanks -

Re: PCA-X8- Engineered system - OEL 6.9

ErmanArslansOracleBlog
Administrator
Hi,

The purpose of this forum is to give you insights and guidance. My purpose is not to do the actual work :) I hope you already understand that.

Well, you have to make a table listing these vulnerabilities and their fixes (patches) and then plan your actions accordingly.

Generally -> WLS PATCH SET UPDATE + WLS OVERLAY PATCH will fix these kinds of issues. But you have to pay attention to the release information (4 digits, such as 12.2.1.4 or 12.2.1.3).

The latest PSUs generally do the work.

For instance, for 12.2.1.4 -> we have 33416868 WLS PATCH SET UPDATE 12.2.1.4.210930.

As for the Linux side, the approach is similar. You have to do a kernel upgrade or patch your env (sometimes you may delete unnecessary packages/services to get rid of those vulnerabilities).
Again, you have to check the vulnerabilities one by one and then decide your action.

Check the following MOS notes; they will give you the general idea ->

Responding to the CVE-2017-5753 (Spectre v1), CVE-2017-5715 (Spectre v2), and CVE-2017-5754 (Meltdown) vulnerabilities in Oracle Linux and Oracle VM on Oracle x86 Servers (Doc ID 2370398.1)
1593465.1 "Unbreakable Linux Network (ULN) Administrative Features for Errata and CVEs"
Oracle Linux 6: Reference Index of Security Vulnerability Bug fixes, CVE IDs and Oracle Linux Errata (Doc ID 2112930.1)
Oracle Linux 7: Reference Index of Security Vulnerability bug fixes, CVE IDs and Oracle Linux Errata (Doc ID 2097219.1)
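The "make a table and check the vulnerabilities one by one" step from the reply above, as an added example that is not part of the original thread: a shell function that takes the scanner's comma-separated CVE list and a saved package changelog and prints one triage row per CVE. The function names, the status labels and the sample changelog are assumptions constructed for illustration; on a real host the changelog would come from `rpm -q --changelog kernel-uek`.

```shell
#!/bin/sh
# Added example (not from the thread). Builds a CVE triage table.
# Real input would be:  rpm -q --changelog kernel-uek > uek.changelog

# Constructed sample changelog; versions, names and entries are placeholders.
write_sample_changelog() {
    cat > "$1" <<'EOF'
* Mon Jan 01 2018 Example Builder <builder@example.com> [0.0.0-0.example2]
- example: fix use after free (Example Author) {CVE-2017-7187}
* Sun Jan 01 2017 Example Builder <builder@example.com> [0.0.0-0.example1]
- example: validate descriptor count (Example Author) {CVE-2016-3140}
EOF
}

# cve_triage CHANGELOG_FILE "CVE-a,CVE-b,..."
# Prints tab-separated rows: CVE, STATUS, EVIDENCE.
#   in-changelog : the installed package's changelog names the CVE
#   needs-review : not named; may still be fixed by a rebase, or may not
#                  apply to this kernel, so check the errata index by hand
cve_triage() {
    changelog=$1
    cve_list=$2
    printf 'CVE\tSTATUS\tEVIDENCE\n'
    # Accept the scanner's list whether it is comma or space separated.
    printf '%s\n' "$cve_list" | tr ', ' '\n\n' | while IFS= read -r cve; do
        [ -n "$cve" ] || continue
        # -F: literal match; -w: whole token, so a shorter id cannot
        # match inside a longer one; -m1: first hit is enough evidence.
        hit=$(grep -m1 -wF -e "$cve" "$changelog" | sed 's/^[-[:space:]]*//')
        if [ -n "$hit" ]; then
            printf '%s\tin-changelog\t%s\n' "$cve" "$hit"
        else
            printf '%s\tneeds-review\t-\n' "$cve"
        fi
    done
}

# Demo on the constructed changelog with three ids taken from the post.
demo=$(mktemp)
write_sample_changelog "$demo"
cve_triage "$demo" "CVE-2016-3140,CVE-2016-3672,CVE-2017-7187"
rm -f "$demo"
```

Rows marked `needs-review` are the ones to look up in the errata reference notes before deciding between a kernel upgrade, a patch, or removing the affected package.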

Re: PCA-X8- Engineered system - OEL 6.9

ErmanArslansOracleBlog
Administrator
Now, I realized that your question is actually on PCA. So PCA is a unique and rare machine. Please create an SR on Oracle Support and ask them. They may lead you on this subject. You may fix those vulnerabilities by applying a bundle patch or something. Keep the things that I wrote you in my previous update, but as your env is PCA, please check it with Oracle Support as well.

Re: PCA-X8- Engineered system - OEL 6.9

Sheikh Rehan
Thanks Erman.