Primavera Unifier 21.12.4~21.12.7.0疑似漏洞

在对Oracle Primavera Unifier日常更新的补丁复盘中，无意发现一个安全漏洞：CVE-2020-9492

漏洞描述：

In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.

幸运的是，目前只针对21.12.4~21.12.7.0可以重现风险问题，ORACLE对此提出的解决方案也很简单，更新APACHE SOLR库到8.10.0以上版即可

CVE-2020-9492：APACHE SOLR更新至至少8.10.0（8.11.2）

处理方案：更新 21.12.8.0 patch

通过下载Unifier21.12.8 或更新补丁包，更新到Unifier 应用服务器即可，当然，这只针对有购买ORACLE授权的用户，普通无法无法访问ORACLE Support

ORACLE Primavera Unifier 21.12.x Patch/Update(补丁/更新)https://campin.blog.csdn.net/article/details/123111776

如下是ORACLE解决方案原文：

SOLUTION

This issue has been resolved and the fix has been included as part of the Unifier 21.12.8 Patch Set.  All subsequent Patch Sets for this release version will also include the fix.

To implement the solution, please execute the following steps:

1. Download and review the README documentation and prerequisites for the Patch Set 34510384.
2. Ensure that you have taken a backup of your system before applying the recommended Patch Set.
3. Apply the Patch Set in a test environment.
4. Retest the issue.
5. Implement the solution as appropriate on other environments.

 这个行业的分享不多，希望更多感兴趣的朋友一同参与，探讨或合作 !

本人可提供Oracle 多种产品技术服务，包括产品的部署和维护及培训，欢迎与我取得联系！

如何联系蚕豆哥_蚕豆哥的博客-CSDN博客电邮：kangpingchn@hotmail.com (@gmail.com,@outlook.com)https://campin.blog.csdn.net/article/details/52950969