[Security Vulnerability Alert] Oracle Issues Major Cybersecurity Announcement for Multiple Products

Issuing unit: Digital Services Section, Office of Library and Information Services
Date range: 2026/6/1 ~ 2026/12/1
Category: Administrative announcement
Audience: All

Forwarded from the Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC): Cybersecurity Alert TWCERTCC-200-202605-00000016

[Content Description]
【CVE-2026-46833, CVSS: 9.0】 This vulnerability exists in the Net Service component of Oracle Database Server, allowing unauthenticated attackers to access the Net Service component via TLS, potentially causing significant impact on other products.
【CVE-2026-46840, CVSS: 10.0】 This vulnerability exists in the Backend-as-a-Service component of Oracle REST Data Services, allowing unauthenticated attackers to access Oracle REST Data Services via HTTPS.
【CVE-2026-46775, CVSS: 9.9; CVE-2026-46839, CVSS: 9.9】This vulnerability exists in the Oracle REST Data Services Core component. A low-privilege attacker could access Oracle REST Data Services over an HTTPS network. Successful exploitation could lead to complete control of Oracle REST Data Services.
【CVE-2026-2332, CVSS: 9.1】This vulnerability exists in the Oracle REST Data Services Core (Eclipse Jetty) component. It allows unauthenticated attackers to access Oracle REST Data Services over an HTTPS network. Successful exploitation could lead to unauthorized addition, deletion, or modification of critical data.
【CVE-2026-33557, CVSS: 9.1】This vulnerability exists in the Oracle Communications Unified Assurance Message Bus (Apache Kafka) component. It allows unauthenticated attackers to access Oracle Communications Unified Assurance over a TCP network. Successful exploitation could lead to unauthorized addition, deletion, or modification of critical data.
【CVE-2025-15467, CVSS: 8.8】This vulnerability exists in the Oracle Communications Unified Assurance Core (MySQL Server) component, allowing unauthenticated attackers to access Oracle Communications Unified Assurance over an HTTP network. Successful exploitation requires interaction from a user other than the attacker.
【CVE-2026-41044, CVSS: 8.8】This vulnerability exists in the Oracle Communications Unified Assurance Message Bus (Apache Kafka) component. Low-privilege attackers can access Oracle Communications Unified Assurance over an HTTPS network. Successful exploitation could lead to complete control of Oracle Communications Unified Assurance.
【CVE-2026-46822, CVSS: 9.9】This vulnerability exists in the Oracle iAssets Internal Operations component. Low-privilege attackers can access and compromise Oracle iAssets over an HTTPS network. Successful exploitation could lead to complete control of Oracle iAssets.
【CVE-2026-46824, CVSS: 9.9】This vulnerability exists in the Work Provider Site Level Administration component of Oracle Universal Work Queue. A low-privilege attacker could access Oracle Universal Work Queue via HTTPS, potentially gaining complete control over the system.
【CVE-2026-46817, CVSS: 9.8】This vulnerability exists in the File Transmission component of Oracle Payments, allowing unauthenticated attackers to access Oracle Payments via HTTP. Successful exploitation could lead to complete control over Oracle Payments.
【CVE-2026-46819, CVSS: 9.1】This vulnerability exists in the Internal Operations component of Oracle Internet Procurement Connector, allowing unauthenticated attackers to access Oracle Internet Procurement Connector via HTTP. Successful exploitation could lead to unauthorized addition, deletion, or modification of critical data.
【CVE-2026-46837, CVSS: 8.8】This vulnerability exists in the Security component of Oracle Flow Manufacturing. A low-privilege attacker with network access via SQL can reach Oracle Flow Manufacturing. Successful exploitation could lead to complete control of Oracle Flow Manufacturing.
【CVE-2026-46826, CVSS: 8.8】This vulnerability exists in the Internal Operations component of Oracle Payroll. A low-privilege attacker with network access via HTTPS can reach Oracle Payroll. Successful exploitation could lead to complete control of Oracle Payroll.
【CVE-2026-46827, CVSS: 8.8】This vulnerability exists in the Self Service Manager component of Oracle Payroll. A low-privilege attacker with network access via HTTP can reach Oracle Payroll. Successful exploitation could lead to complete control of Oracle Payroll.
【CVE-2026-34311, CVSS: 9.8】This vulnerability exists in the Opera component of Oracle Hospitality OPERA 5 Property Services, allowing unauthenticated attackers to access Oracle Hospitality OPERA 5 Property Services via HTTP. Successful exploitation could lead to complete control of Oracle Hospitality OPERA 5 Property Services.

[Affected Platforms]
Oracle Communications Unified Assurance versions 6.11 to 7.00
Oracle Database Server versions 23.4.0 to 23.26.2
Oracle Flow Manufacturing versions 12.2.3 to 12.2.15
Oracle Hospitality OPERA 5 Property Services version 5.6.19.24
Oracle Hospitality OPERA 5 Property Services version 5.6.22
Oracle Hospitality OPERA 5 Property Services version 5.6.25.19
Oracle Hospitality OPERA 5 Property Services version 5.6.27.6
Oracle Hospitality OPERA 5 Property Services version 5.6.28
Oracle iAssets versions 12.2.3 to 12.2.15
Oracle Internet Procurement Connector versions 12.2.3 to 12.2.15
Oracle Payments versions 12.2.3 to 12.2.15
Oracle Payroll versions 12.2.3 to 12.2.15
Oracle REST Data Services versions 24.2.0 to 26.1.0
Oracle Universal Work Queue versions 12.2.3 to 12.2.15

[Recommended Action]
Patch according to the solutions released on the official website: https://www.oracle.com/security-alerts/cspumay2026.html
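As an added example (not part of the TWCERT/CC alert or of any Oracle tooling), the following Python script takes the affected-version bounds from the [Affected Platforms] section and the CVSS scores from the [Content Description], checks a constructed sample inventory against them, and orders the hits by worst CVSS so the patch work can be scheduled. The hostnames, the inventory rows and the `triage` helper are assumptions of the example. Versions are compared numerically rather than as strings, because a lexical comparison misorders values such as 23.5.1 against 23.26.2, and comparison is truncated to the number of components the advisory gives, so a sub-patch level the advisory does not list is flagged for review rather than silently treated as fixed.

```python
"""Triage an inventory of Oracle installs against the affected-version
bounds in this advisory (TWCERTCC-200-202605-00000016).

Added example; not part of the advisory or of any Oracle/TWCERT tooling.
Version bounds and CVSS scores are copied from the advisory above; the
host inventory at the bottom is constructed sample data.
"""

# product -> (list of inclusive (low, high) bounds, {CVE: CVSS}).
# A discrete version from the advisory is represented as a (v, v) bound.
ADVISORY = {
    "Oracle Communications Unified Assurance": (
        [("6.11", "7.00")],
        {"CVE-2026-33557": 9.1, "CVE-2025-15467": 8.8, "CVE-2026-41044": 8.8}),
    "Oracle Database Server": ([("23.4.0", "23.26.2")], {"CVE-2026-46833": 9.0}),
    "Oracle Flow Manufacturing": ([("12.2.3", "12.2.15")], {"CVE-2026-46837": 8.8}),
    "Oracle Hospitality OPERA 5 Property Services": (
        [(v, v) for v in ("5.6.19.24", "5.6.22", "5.6.25.19", "5.6.27.6", "5.6.28")],
        {"CVE-2026-34311": 9.8}),
    "Oracle iAssets": ([("12.2.3", "12.2.15")], {"CVE-2026-46822": 9.9}),
    "Oracle Internet Procurement Connector": ([("12.2.3", "12.2.15")], {"CVE-2026-46819": 9.1}),
    "Oracle Payments": ([("12.2.3", "12.2.15")], {"CVE-2026-46817": 9.8}),
    "Oracle Payroll": ([("12.2.3", "12.2.15")], {"CVE-2026-46826": 8.8, "CVE-2026-46827": 8.8}),
    "Oracle REST Data Services": (
        [("24.2.0", "26.1.0")],
        {"CVE-2026-46840": 10.0, "CVE-2026-46775": 9.9, "CVE-2026-46839": 9.9, "CVE-2026-2332": 9.1}),
    "Oracle Universal Work Queue": ([("12.2.3", "12.2.15")], {"CVE-2026-46824": 9.9}),
}


def parse_version(text):
    """'23.26.2' -> (23, 26, 2). Numeric tuples compare correctly, whereas as
    strings '23.5.1' > '23.26.2' because '5' sorts after '2'."""
    return tuple(int(part) for part in text.strip().split("."))


def in_range(version, low, high):
    """Inclusive range test on numeric components.

    Only as many components as the advisory bound provides are compared, so a
    sub-patch level the advisory does not mention (e.g. 12.2.15.1 against a
    12.2.15 upper bound) is still flagged for review rather than assumed fixed.
    """
    v, lo, hi = parse_version(version), parse_version(low), parse_version(high)
    return lo <= v[:len(lo)] and v[:len(hi)] <= hi


def affected_cves(product, version):
    """Return {CVE: CVSS} for the advisory entries covering this install, or an
    empty dict when the product or version is outside the advisory."""
    entry = ADVISORY.get(product)
    if entry is None:
        return {}
    bounds, cves = entry
    return dict(cves) if any(in_range(version, lo, hi) for lo, hi in bounds) else {}


def triage(inventory):
    """(host, product, version) rows -> findings sorted by worst CVSS first.
    Each finding is (max_cvss, host, product, version, sorted CVE list)."""
    findings = []
    for host, product, version in inventory:
        cves = affected_cves(product, version)
        if cves:
            findings.append((max(cves.values()), host, product, version, sorted(cves)))
    return sorted(findings, key=lambda f: f[0], reverse=True)


# Constructed sample inventory; hostnames are hypothetical.
SAMPLE_INVENTORY = [
    ("db-prod-01", "Oracle Database Server", "23.5.1"),    # inside 23.4.0..23.26.2
    ("db-prod-02", "Oracle Database Server", "23.27.0"),   # above the upper bound
    ("ords-01", "Oracle REST Data Services", "26.1.0"),    # upper bound is inclusive
    ("opera-fd", "Oracle Hospitality OPERA 5 Property Services", "5.6.22"),
    ("opera-bk", "Oracle Hospitality OPERA 5 Property Services", "5.6.23"),
    ("ebs-app-01", "Oracle Payroll", "12.2.9"),
    ("ua-core", "Oracle Communications Unified Assurance", "7.01"),  # 7.01 > 7.00
]

if __name__ == "__main__":
    for cvss, host, product, version, cves in triage(SAMPLE_INVENTORY):
        print(f"{cvss:4.1f}  {host:<12} {product} {version}: {', '.join(cves)}")
```

Feed `triage` the rows of your own asset register (one row per install) and work the list top to bottom; a row that maps to an unlisted product or a version above the advisory's upper bound produces no finding, so keep the script's `ADVISORY` table in step with the Oracle page linked above when Oracle revises it.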

[References]
1. https://www.twcert.org.tw/tw/cp-169-10945-d47ee-1.html

