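Oracle has released its July 2023 Critical Patch Update (CPU), which fixes multiple vulnerabilities, including CVE-2023-26119, CVE-2023-1436, CVE-2023-22040 and CVE-2023-22053. Most are vulnerabilities in third-party components; among them, the Oracle WebLogic Server security feature bypass vulnerability (CVE-2023-22040) has a comparatively larger impact. Based on the information currently available, the severity of the vulnerabilities in this release is assessed as moderate, and it is recommended to schedule a phased rollout of the July Critical Patch Update (CPU).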
CVE ID | Affected component | Protocol | Remotely exploitable without authentication | CVSS | Affected versions |
CVE-2023-22040 | Oracle WebLogic Server(Core) | Multiple | No | 6.5 | 12.2.1.4.0, 14.1.1.0.0 |
CVE-2023-22031 | Oracle WebLogic Server(Core) | T3, IIOP | No | 4.4 | 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 |
CVE-2023-22053 | MySQL Server: Client programs | MySQL Protocol | No | 5.9 | 5.7.42 and prior, 8.0.33 and prior |
CVE-2023-22008 | MySQL Server: InnoDB | MySQL Protocol | No | 4.9 | 8.0.33 and prior |
CVE-2023-22046 | MySQL Server: Server: Optimizer | MySQL Protocol | No | 4.9 | 8.0.33 and prior |
CVE-2023-22054 | MySQL Server: Server: Optimizer | MySQL Protocol | No | 4.9 | 8.0.33 and prior |
CVE-2023-22056 | MySQL Server: Server: Optimizer | MySQL Protocol | No | 4.9 | 8.0.33 and prior |
CVE-2023-21950 | MySQL Server: Server: Replication | MySQL Protocol | No | 4.9 | 8.0.27 and prior |
CVE-2023-22007 | MySQL Server: Server: Replication | MySQL Protocol | No | 4.9 | 5.7.41 and prior, 8.0.32 and prior |
CVE-2023-22057 | MySQL Server: Server: Replication | MySQL Protocol | No | 4.9 | 8.0.33 and prior |
CVE-2023-22033 | MySQL Server: InnoDB | MySQL Protocol | No | 4.4 | 8.0.33 and prior |
CVE-2023-22058 | MySQL Server: Server: DDL | MySQL Protocol | No | 4.4 | 8.0.33 and prior |
CVE-2023-22005 | MySQL Server: Server: Replication | MySQL Protocol | No | 4.4 | 8.0.33 and prior |