Tuesday 12 May 2020

Oracle April 2020 CPU Impact for EPM 11.2

In this post I will discuss the impact of the Oracle Critical Patch Updates for April 2020 on Oracle EPM 11.2 environments.

Oracle EPM 11.2 ships with Oracle WebLogic Server 12.2.1.3, Oracle Coherence 12.2.1.3 and OPatch 13.9.4.2. We need to resolve the following vulnerabilities that will affect EPM 11.2 environments:

CVE-2019-16943
CVE-2019-17571
CVE-2019-17359
CVE-2020-2766
CVE-2020-2798
CVE-2020-2801
CVE-2020-2811
CVE-2020-2867
CVE-2020-2869
CVE-2020-2883
CVE-2020-2884
CVE-2020-2963
CVE-2020-2915
CVE-2020-2949

The first vulnerability requires us to upgrade OPatch to 13.9.4.2.2 and apply a PSE. The rest of the vulnerabilities up to CVE-2020-2963 require us to upgrade Oracle WebLogic Server to 12.2.1.3.200227. CVE-2020-2915 and CVE-2020-2949 require us to upgrade Oracle Coherence to 12.2.1.3.7. We should also upgrade the WebLogic Samples to 12.2.1.3.191015 to ensure we are not affected by the historical vulnerabilities related to Apache Struts.

So we need to download the following patches for OPatch:
28186730
31101362

Then download the following patch for Oracle WebLogic Server:
30965714

To resolve the other issues in Oracle Coherence and with the WebLogic Samples you should download the following patches:
31030882
30170398

The first OPatch update requires you to extract it and then run the JAR file, like so:

SET PATH=E:\Oracle\Middleware\jdk1.8.0_181\bin;%PATH%
java -jar opatch_generic.jar -J-Doracle.installer.oh_admin_acl=true -silent oracle_home=E:\Oracle\Middleware


The other patches can be applied with the following commands:

SET JAVA_HOME=E:\Oracle\Middleware\jdk1.8.0_181
SET ORACLE_HOME=E:\Oracle\Middleware
opatch apply 31101362
opatch apply 30965714
opatch apply 31030882
opatch apply 30170398


This should resolve all of the issues mentioned above.
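
To confirm the result rather than assume it, the following PowerShell script checks the OPatch version and the four applied patch IDs against the inventory. It is an added example, not part of the original post; it assumes that `opatch version` prints a line of the form "OPatch Version: x.y.z" and that `opatch lspatches` prints one "<patch id>;<description>" line per applied patch, and the function names are hypothetical.

```powershell
# Added example: confirm the patches from this post are recorded in the OPatch inventory.
$env:ORACLE_HOME = 'E:\Oracle\Middleware'                 # paths as used in the post
$env:JAVA_HOME   = 'E:\Oracle\Middleware\jdk1.8.0_181'
$opatch = Join-Path $env:ORACLE_HOME 'OPatch\opatch.bat'

$expectedPatches = '31101362', '30965714', '31030882', '30170398'
$minimumOPatch   = '13.9.4.2.2'

function Test-VersionAtLeast {
    param([string]$Current, [string]$Minimum)
    # [version] accepts at most four parts, so compare the five-part OPatch version by hand.
    $c = @($Current.Split('.') | ForEach-Object { [int]$_ })
    $m = @($Minimum.Split('.') | ForEach-Object { [int]$_ })
    for ($i = 0; $i -lt [Math]::Max($c.Count, $m.Count); $i++) {
        $a = if ($i -lt $c.Count) { $c[$i] } else { 0 }
        $b = if ($i -lt $m.Count) { $m[$i] } else { 0 }
        if ($a -ne $b) { return ($a -gt $b) }
    }
    return $true
}

function Get-MissingPatch {
    param([string[]]$LsPatchesOutput, [string[]]$Expected)
    # Assumed format: one "<patch id>;<description>" line per applied patch.
    $applied = @($LsPatchesOutput | ForEach-Object {
        if ($_ -match '^\s*(\d+);') { $Matches[1] }
    })
    @($Expected | Where-Object { $_ -notin $applied })
}

$failed = $false
$versionText = (& $opatch version) -join "`n"
if ($versionText -match 'OPatch Version:\s*(\d+(\.\d+)*)') {
    $current = $Matches[1]
    if (-not (Test-VersionAtLeast $current $minimumOPatch)) {
        Write-Warning "OPatch $current is older than $minimumOPatch"
        $failed = $true
    }
} else {
    Write-Warning 'Could not read the OPatch version'
    $failed = $true
}

$missing = Get-MissingPatch -LsPatchesOutput (& $opatch lspatches) -Expected $expectedPatches
foreach ($id in $missing) {
    Write-Warning "Patch $id is not in the inventory"
    $failed = $true
}
if ($failed) { exit 1 }
Write-Output 'OPatch version and all four patches verified.'
```

The script exits with code 1 when the OPatch version is too old or any patch is missing, so it can be used as a gate in a scheduled compliance check.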