Oracle releases extremely large security update


Oracle released an extremely large security update today in a Critical Patch Update for many of its products and services. The company issued a total of 433 patches.

With the announced Critical Patch Update, Oracle releases a collection of patches for multiple security vulnerabilities. In this update, it closes 433 security vulnerabilities. Some of these vulnerabilities affect numerous products and services.

Many of the patched vulnerabilities can be exploited remotely, without the need for authentication. This means that malicious parties can perform actions on the affected solutions without having to log in. Oracle therefore calls for the patches to be applied as quickly as possible.

Most important patches

The most important patches address vulnerabilities that received a CVSS score of 10.0 from Oracle. This means that they are easy to exploit and give hackers a lot of control. Many vulnerabilities have also been rated 9.8, including 33 just for Oracle Financial Services. These vulnerabilities can also be exploited remotely without authentication.

Overview

Below is an overview of the number of patches for the various Oracle services and products, including the maximum CVSS score and how many vulnerabilities can be exploited remotely without authentication.

Oracle Communications Applications

  • Security patches: 58
  • Maximum CVSS score: 10.0
  • Remotely exploitable without authentication: 45

Oracle Construction and Engineering

  • Security patches: 20
  • Maximum CVSS score: 9.8
  • Remotely exploitable without authentication: 15

Oracle E-Business Suite

  • Security patches: 29
  • Maximum CVSS score: 9.1
  • Remotely exploitable without authentication: 23

Oracle Enterprise Manager

  • Security patches: 14
  • Maximum CVSS score: 9.8
  • Remotely exploitable without authentication: 10

Oracle Financial Services Applications

  • Security patches: 38
  • Maximum CVSS score: 9.8
  • Remotely exploitable without authentication: 26

Oracle Fusion Middleware

  • Security patches: 53
  • Maximum CVSS score: 9.8
  • Remotely exploitable without authentication: 49

Oracle JD Edwards

  • Security patches: 6
  • Maximum CVSS score: 9.8
  • Remotely exploitable without authentication: 6

Oracle MySQL

  • Security patches: 40
  • Maximum CVSS score: 9.8
  • Remotely exploitable without authentication: 6

Oracle Retail Applications

  • Security patches: 39
  • Maximum CVSS score: 9.8
  • Remotely exploitable without authentication: 34

Oracle Siebel CRM

  • Security patches: 5
  • Maximum CVSS score: 9.8
  • Remotely exploitable without authentication: 5

Oracle Supply Chain

  • Security patches: 22
  • Maximum CVSS score: 9.8
  • Remotely exploitable without authentication: 18

Oracle Database Server

  • Security patches: 20
  • Maximum CVSS score: 8.8
  • Remotely exploitable without authentication: 1

Oracle GoldenGate

  • Security patches: 3
  • Maximum CVSS score: 9.6
  • Remotely exploitable without authentication: 1

Complete overview

A complete overview of the Critical Patch Update can be found here.