Oracle Closes 397 Vulnerabilities |

It is the most extensive patch day in the company’s history. 56 bugs alone achieve a CVSS score of 9.8 points. Many vulnerabilities can be exploited remotely and without entering credentials.

Oracle released security updates for 116 products on its April patch day. They close a total of 397 vulnerabilities, exceeding the 334 fixes of the January patch day. The April Patchday is the most extensive in the company’s history.

Oracle (Image: Oracle)Oracle rated a total of 56 bugs with 9.8 out of 10 possible points in the Common Vulnerability Scoring System (CVSS). They are therefore considered critical and may allow malicious code to be introduced and executed remotely and without prior authentication. Oracle Communications Applications, Financial Services Applications, Fusion Middleware and Retail Applications are affected.

There are a total of 39 vulnerabilities in the communications applications. 35 holes make Financial Services Applications vulnerable. Updates for MySQL eliminate 45 security-related bugs. Oracle middleware has 51 vulnerabilities.

The developers apparently had most of the work with the e-business suite. Here they had 74 vulnerabilities. Some of them can be used remotely without authentication. However, the gaps reach a maximum score of 8.6 points.

Patches are also available for Oracle Database Server, Oracle Enterprise Manager, GraalVM, Oracle Health Sciences Applications, Oracle JD Edwards, Oracle Peoplesoft and Oracle Siebel CRM. Oracle VirtualBox is also affected. Oracle reiterates that a remote attack is possible without authentication.

Oracle has 15 new security patches for Java SE. According to the security bulletin, they are all suitable for remote code execution without an attacker having to enter credentials.

Users should install the available updates as soon as possible. Oracle only closes security holes in its products four times a year. The next updates are scheduled for July 14th and October 20th.

HPE GreenLake: Optimal basis for your cloud

HPE GreenLake is an IT-as-a-service offering that brings the cloud experience to your on-premises infrastructure and unifies your edges, clouds and data centers. Learn in this webinar how to make the most of the advantages of the HPE solution for your company.

Leave a Reply

Your email address will not be published. Required fields are marked *