Oracle releases patch update advisory for 443 vulnerabilities affecting its 130 products


Oracle has now fixed and released the patches for 443 vulnerabilities affecting its 130 products

Oracle Corporation is an American multinational computer technology corporation headquartered in Redwood Shores, California. The company sells database software and technology, cloud engineered systems, and enterprise software products—particularly its own brands of database management systems. In 2019, Oracle was the second-largest software company by revenue and market capitalization.

On Tuesday the company released a Patch Update advisory stating that Oracle fixed 443 vulnerabilities affecting its 130 products. According to the report, about 100 flaws were found with a CVSS score of 9.8 or higher.

The company has released its monthly security update in the form of these patches, which will fix over 400 security vulnerabilities, including 52 patches for Oracle Fusion Middleware. According to hacking course experts, other updated products include Oracle WebLogic, Oracle Coherence, Oracle BI Publisher, Oracle Endeca Information Discovery Studio, and Oracle Business Intelligence Enterprise Edition, among others.

Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.

Oracle’s Advisory

Oracle WebLogic Server

The monthly update includes patches for 5 WebLogic deserialization vulnerabilities. Successful exploitation of these flaws allows unauthenticated threat actors to send specially crafted requests over the IIOP and T3 protocols in order to run arbitrary code on Oracle WebLogic Server.

Oracle Communications Applications

Patches for Oracle Communications Applications include 60 updates; 46 of these vulnerabilities could be remotely exploited with no victim interaction.

Oracle E-Business Suite

This product received 30 new security updates; among the corrected flaws, 24 can be remotely exploited without user authentication, as mentioned by hacking course specialists.

Oracle Enterprise Manager

The patch for Oracle Enterprise Manager includes 14 updates (10 critical flaws). Threat actors can exploit these flaws over the affected network without authenticating to the system.

Oracle Financial Services Applications

Researchers found 38 security flaws in Oracle Financial Services applications. Almost 30 of these flaws could be remotely exploited with no user interaction or system authentication, so malicious hackers can attack affected implementations over the network.

Oracle MySQL

Oracle MySQL received 40 security patches to correct multiple vulnerabilities that could be remotely exploited. The attacks do not require user authentication on the affected system.

Oracle Database Server

The security patch contains 19 new updates for the Oracle Database server. Specialists point out that one of these flaws, tracked as CVE-2020-2968, could be exploited with no user interaction; in addition, the attack does not require system access.

The company further reported that the Critical Patch Updates are released on the Tuesday closest to the 17th day of January, April, July, and October. The next four dates are:

1. 20 October 2020
2. 19 January 2021
3. 20 April 2021
4. 20 July 2021

It is highly recommended to apply the security patches to your products as soon as possible to avoid any exploitation.

