Oracle Analytics and AI

Chad Williams

Hello,

With the April CPU delayed, I'm try resolve a critical vulnerability that turns up in security scans, per CVE-2026-21992. This page and the scans say to apply patch 39023318. However, when I try to apply this patch, I get the following message:

Skip patch 39023318 from list of patches to apply: This patch is skipped because none of the components from patch are present in ORACLE_HOME.
Please ensure that at least one of the component from patch is present in ORACLE_HOME.

Has anyone else encountered this issue?

I do notice in the extracted files list, everything has a 12.2.1.3.0 in the path, which is not our version of weblogic (12.2.1.4.0). Wonder if that has something to do with the patch not working.

Would happily wait for the April CPU, but have been instructed to get this done sooner than the expected date.

Also, I have opened an SR for this and am awaiting response, but thought I'd check here as I tend to get answers faster this way.

Thanks in advance,

Chad

Gianni Ceresa

Hi Chad,

Did you download the correct version?

There are 7 versions of that patch, all covering different versions of Oracle Webservices Manager.

If you check the list on the left of https://support.oracle.com/support/?patchId=39023318&page=sptemplate&sptemplate=cp-patches-updates-view-more&cp-patches-updates-view-more=cp-patches-details

You can find the right one for your environment (it isn't just 12.2.1.3 vs 12.2.1.4 or 14.2.1.0, you should also check the correct subversion of 12.2.1.4).

PS: I always install the OWSM bundle patch, therefore never used individual patches of OWSM. But waiting for a newer OWSM bundle patch, that patch should install when using the right version.