Menu
Oracle patches raft of vulnerabilities in business applications

Oracle patches raft of vulnerabilities in business applications

The company's quarterly patch update includes a total of 270 security fixes for many products

Oracle released its first batch of security patches this year, fixing 270 vulnerabilities, mostly in business-critical applications. Many of the flaws can be exploited remotely without authentication.

The majority of the fixes are for flaws in business products such as Oracle E-Business Suite, Oracle Fusion Middleware, Oracle PeopleSoft, Oracle Retail Applications, Oracle JD Edwards, Oracle Supply Chain Products and Oracle Database Server.

E-Business Suite, which is used by companies to store key data and manage a wide range of business processes, accounts for more than 40 percent of the patched vulnerabilities -- 121. Out of these, 118 are remotely exploitable and the highest rated one has a score of 9.2 (critical) in the Common Vulnerability Scoring System.

Another 37 vulnerabilities were patched in Oracle Financial Services, 18 in Oracle Fusion Middleware, eight in Oracle Retail Applications, eight in Oracle PeopleSoft and 4 in the Oracle Primavera Products Suite. These products are used across a variety of industries.

The most critical vulnerability, with a CVSS score of 10, was patched in Primavera P6 Enterprise Project Portfolio Management. The vulnerability can be exploited over HTTP and can result in unauthorized creation, deletion or modification of critical data.

Vulnerabilities with a CVSS score of 9.8 were fixed in Oracle WebLogic Server, PeopleSoft Enterprise PeopleTools, JD Edwards EnterpriseOne Tools and Enterprise Manager Base Platform. If left unpatched, these can lead to a complete compromise of the affected systems.

On the database side, 27 vulnerabilities were patched in the widely used MySQL database server and five in the Oracle Database Server and related components. Seventeen vulnerabilities have been fixed in Java.

This is not Oracle's largest Critical Patch Update (CPU) to date, but comes close to it -- the record was 276 fixes in the July 2016 CPU.

Analysts from cybersecurity firm ERPScan point out that Oracle CPUs that exceed 200 patches have become the norm. The average number of fixes per Oracle CPU in 2015 was 153, but in 2016 is was 227, they said in an analysis.

"Oracle updates are huge and touch a wide range of products," said Amol Sarwate, director of vulnerability labs at Qualys, in a blog post. "As compared to older CPUs this was a regular-sized update but is bound to keep administrators busy due to the sheer number of vulnerabilities and products it touches."

Oracle releases CPUs on a quarterly basis, the next one being scheduled for April 18th.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments