Oracle Global Lifecycle Management (OPatch) (Jan 2023 CPU) - CVE-2022-42003 CVE-2022-42003 (Doc ID 2963625.1)

Last updated on JULY 26, 2023

Applies to:

SOA on Marketplace - Version 12.2.1.4 and later
Information in this document applies to any platform.

Goal

On : NA version,

Oracle Global Lifecycle Management (OPatch) (Jan 2023 CPU)

The installation of Oracle Global Lifecycle Management (OPatch) installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2023 CPU advisory.

  - Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusion Middleware (component: NextGen Installer issues (jackson-databind)). Supported versions that are affected are prior to 13.9.4.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Global Lifecycle Management NextGen OUI Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Global Lifecycle Management NextGen OUI Framework. (CVE-2022-42003)

  - Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusion Middleware (component: NextGen Installer issues (Apache Mina SSHD)). Supported versions that are affected are prior to 13.9.4.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Global Lifecycle Management NextGen OUI Framework. Successful attacks of this vulnerability can result in takeover of Oracle Global Lifecycle Management NextGen OUI Framework. (CVE-2022-45047)

  - Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusion Middleware (component: NextGen Installer issues). Supported versions that are affected are prior to 13.9.4.2.11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Global Lifecycle Management NextGen OUI Framework executes to compromise Oracle Global Lifecycle Management NextGen OUI Framework. Successful attacks require human interaction from a person other than the attacker.
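
A quick way to triage an Oracle home against the 13.9.4.2.11 threshold quoted above is to compare the version reported by `opatch version`. The script below is an added example, not Oracle's tooling or part of this note; it assumes the reported OPatch version is the one the threshold applies to, and the function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `opatch version` output against the fixed release
# named in the advisory text (versions prior to it are listed as affected).
FIXED_VERSION="13.9.4.2.11"

# Read `opatch version` output on stdin and print the dotted version, if any.
parse_opatch_version() {
    sed -n 's/^OPatch Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# version_lt A B: succeed when A is lower than B, comparing each dotted field
# numerically (a plain string compare would rank 13.9.4.2.5 above 13.9.4.2.11).
version_lt() {
    vl_a=$1
    vl_b=$2
    while [ -n "$vl_a" ] || [ -n "$vl_b" ]; do
        vl_x=${vl_a%%.*}
        vl_y=${vl_b%%.*}
        case $vl_a in *.*) vl_a=${vl_a#*.} ;; *) vl_a= ;; esac
        case $vl_b in *.*) vl_b=${vl_b#*.} ;; *) vl_b= ;; esac
        vl_x=${vl_x:-0}   # a missing field counts as 0
        vl_y=${vl_y:-0}
        [ "$vl_x" -lt "$vl_y" ] && return 0
        [ "$vl_x" -gt "$vl_y" ] && return 1
    done
    return 1   # equal versions are not "lower"
}

# Read `opatch version` output on stdin; print AFFECTED, FIXED or UNKNOWN.
classify_opatch() {
    co_v=$(parse_opatch_version)
    if [ -z "$co_v" ]; then
        echo "UNKNOWN"
    elif version_lt "$co_v" "$FIXED_VERSION"; then
        echo "AFFECTED $co_v"
    else
        echo "FIXED $co_v"
    fi
}

# Constructed sample in the shape `opatch version` prints; on a real host use:
#   "$ORACLE_HOME/OPatch/opatch" version | classify_opatch
printf 'OPatch Version: 13.9.4.2.5\n\nOPatch succeeded.\n' | classify_opatch
```

`UNKNOWN` means no version line was found in the input, so the home needs a manual check rather than being treated as fixed.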
 

Solution

To view full details, sign in with your My Oracle Support account.
