Menu
Oracle patches raft of vulnerabilities in business applications

Oracle patches raft of vulnerabilities in business applications

The company's quarterly patch update includes a total of 270 security fixes for many products

Oracle released its first batch of security patches this year, fixing 270 vulnerabilities, mostly in business-critical applications. Many of the flaws can be exploited remotely without authentication.

The majority of the fixes are for flaws in business products such as Oracle E-Business Suite, Oracle Fusion Middleware, Oracle PeopleSoft, Oracle Retail Applications, Oracle JD Edwards, Oracle Supply Chain Products and Oracle Database Server.

E-Business Suite, which is used by companies to store key data and manage a wide range of business processes, accounts for more than 40 percent of the patched vulnerabilities -- 121. Out of these, 118 are remotely exploitable and the highest rated one has a score of 9.2 (critical) in the Common Vulnerability Scoring System.

Another 37 vulnerabilities were patched in Oracle Financial Services, 18 in Oracle Fusion Middleware, eight in Oracle Retail Applications, eight in Oracle PeopleSoft and 4 in the Oracle Primavera Products Suite. These products are used across a variety of industries.

The most critical vulnerability, with a CVSS score of 10, was patched in Primavera P6 Enterprise Project Portfolio Management. The vulnerability can be exploited over HTTP and can result in unauthorized creation, deletion or modification of critical data.

Vulnerabilities with a CVSS score of 9.8 were fixed in Oracle WebLogic Server, PeopleSoft Enterprise PeopleTools, JD Edwards EnterpriseOne Tools and Enterprise Manager Base Platform. If left unpatched, these can lead to a complete compromise of the affected systems.

On the database side, 27 vulnerabilities were patched in the widely used MySQL database server and five in the Oracle Database Server and related components. Seventeen vulnerabilities have been fixed in Java.

This is not Oracle's largest Critical Patch Update (CPU) to date, but comes close to it -- the record was 276 fixes in the July 2016 CPU.

Analysts from cybersecurity firm ERPScan point out that Oracle CPUs that exceed 200 patches have become the norm. The average number of fixes per Oracle CPU in 2015 was 153, but in 2016 is was 227, they said in an analysis.

"Oracle updates are huge and touch a wide range of products," said Amol Sarwate, director of vulnerability labs at Qualys, in a blog post. "As compared to older CPUs this was a regular-sized update but is bound to keep administrators busy due to the sheer number of vulnerabilities and products it touches."

Oracle releases CPUs on a quarterly basis, the next one being scheduled for April 18th.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Show Comments