DigitalCIO
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
No Result
View All Result
DigitalCIO
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
No Result
View All Result
Digitalcio
No Result
View All Result
Home Tech News

Oracle Patches Record 334 Vulnerabilities

DigitalCIO Bureau by DigitalCIO Bureau
July 18, 2018
in Tech News
0
74
SHARES
1.2k
VIEWS
Share on FacebookShare on Twitter

Oracle this week released its July 2018 set of patches to address a total of 334 security vulnerabilities, the largest number of flaws resolved with a Critical Patch Update (CPU) to date. Over 200 of the bugs may be remotely exploitable without authentication.

This month, 23 products from the enterprise security giant were patched, including E-Business Suite, Financial Services Applications, Fusion Middleware, Hospitality Applications, Java SE, MySQL, PeopleSoft Products, Retail Applications, Siebel CRM, and the Sun Systems Products Suite.

More than 50 of the flaws addressed this month had a CVSS 3.0 Base Score of 9.8. Overall, 61 security bugs had a CVSS score of 9.0 or above, according to Oracle’s advisory.

A total of 203 vulnerabilities were patched in business-critical applications, around 65% of which could be exploited remotely without entering credentials, ERPScan, a company that specializes in securing Oracle and SAP applications, points out.

This month, Financial Services Applications received the largest number of fixes, at 56. 21 of these vulnerabilities may be remotely exploitable without authentication.

Fusion Middleware received the second largest number of patches, at 44, with 38 of the addressed issues remotely exploitable without authentication.

Next in line are Retail Applications at 31 fixes (26 flaws being remotely exploitable) and MySQL, also with 31 patches (only 7 bugs remotely exploitable), followed by Hospitality Applications with 24 fixes (7 issues remotely exploitable), Sun Systems Products Suite at 22 patches (10 flaws remotely exploitable), and Enterprise Manager Products Suite with 16 fixes (all remotely exploitable without authentication).

Oracle also addressed vulnerabilities in PeopleSoft Products (15 bugs – 11 remotely exploitable without authentication), E-Business Suite (14 flaws – 13 remotely exploitable), Communications Applications (14 – 10), Virtualization (12 – 2), Construction and Engineering Suite (11 – 6), JD Edwards Products (10 – 9), Java SE (8 – 8), and Supply Chain Products Suite (8 – 6).

The least impacted products include Utilities Applications (4 vulnerabilities – 3 remotely exploitable without authentication), Policy Automation (3 flaws – all remotely exploitable), and Database Server (3 – 1).

Some of the most important issues addressed this month could be exploited remotely to take over the impacted application: CVE-2017-15095 in Oracle Spatial, CVE-2018-7489 in Global Lifecycle Management OPatchAuto component, CVE-2018-2943 in Fusion Middleware MapViewer, CVE-2018-2894 in WebLogic Server, and CVE-2017-5645 in PeopleSoft Enterprise FIN Install.

In late June, Oracle announced the availability of patches for new variants of the speculative execution attack methods known as Meltdown and Spectre. The company released the first set of mitigations against Spectre and Meltdown as part of the January 2018 CPU.

All Oracle customers are advised to apply the fixes included in Oracle’s Critical Patch Updates without delay, as some of the addressed vulnerabilities are being targeted by malicious actors in live attacks.

“Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches,” the company notes.

Share30Tweet19
DigitalCIO Bureau

DigitalCIO Bureau

Recommended For You

IBM Collaborates With MoE And MSDE To Scale Digital Skills Training

by DigitalCIO Bureau
September 30, 2023
0
IBM Collaborates With MoE And MSDE To Scale Digital Skills Training

IBM and the Ministry of Education (MoE), and the Ministry of Skill Development and Entrepreneurship (MSDE), have announced the signing of multiple Memorandum of Understanding (MoU) with its...

Read more

AI and Cloud-Enabled Small Businesses To Support 45.9 Million Jobs in India by 2030

by DigitalCIO Bureau
September 29, 2023
0
AI and Cloud-Enabled Small Businesses To Support 45.9 Million Jobs in India by 2030

Amazon Web Services (AWS) has released a new report revealing that small businesses that embrace cloud-enabled technologies in India are expected to unlock up to ₹1.6 trillion in...

Read more

Global Security and Risk Management Spending to Grow 14% in 2024: Gartner

by DigitalCIO Bureau
September 29, 2023
0
NTT offers SaaS Subscriptions to its patented XDR Platform

Worldwide end-user spending on security and risk management is projected to total $215 billion in 2024, an increase of 14.3% from 2023, according to new forecast from Gartner,...

Read more

CISOs Need to Champion AI TRiSM to Improve AI Results

by DigitalCIO Bureau
September 29, 2023
0
CISOs Need to Champion AI TRiSM to Improve AI Results

By 2026, organisations that operationalise artificial intelligence (AI) transparency, trust and security will see their AI models achieve a 50% improvement in terms of adoption, business goals and user acceptance, according to...

Read more

Vertiv Launches Energy-Efficient, Scalable UPS In India

by DigitalCIO Bureau
September 28, 2023
0
Vertiv Launches Energy-Efficient, Scalable UPS In India

Vertiv  has introduced the Vertiv Liebert APM2, a new energy-efficient and scalable power solution to its uninterruptible power supply (UPS) systems portfolio. The Liebert APM2 is compatible with lithium-ion...

Read more
Next Post

Huawei Nova 3i Launched

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Related News

iPhone owners 167 times more at risk of being hacked – Study

December 27, 2019

Gigabit Internet Now Available to One In Twenty People Globally

November 22, 2019

Ericsson acquires Niche AI workforce for India centre

September 16, 2019

Browse by Category

  • Acquisition
  • Appointment
  • Archive
  • Artificial Intelligence
  • CIO Interviews
  • Cloud
  • Datacenter
  • Events and Conferences
  • Market Insights
  • News
  • Opinion and Analysis
  • Products
  • Resources
  • Security
  • Storage
  • Tech News
Digitalcio

Welcome to DigitalCIO, your ultimate source for staying ahead in the ever-evolving world of technology and business.

CATEGORIES

  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
  • Archive

BROWSE BY TAG

Acquisition AI AIOps Appointment artificial intelligence Artificial Intelligence and Machine Learning AWS Big Data and Analytics Blockchain CISCO Cloud Computing Cloudflare CrowdStrike Customer Experience Cybersecurity Data Protection Deloitte Digital Transformation E-books Fortinet Gartner Generative AI IBM IDC Infographics Infosys Internet of Things (IoT) Microsoft Ministry of Education MSSPs Nessus Expert Netskope New Relic Oracle Panel Discussion Public cloud ransomware Salesforce Sophos Tenable Trend Micro Veeam Software Vertiv Webinars Whitepaper

NAVIGATION

  • Home
  • About Us
  • Advertise with Us
  • Contact Us

© 2023 digitalcio.in - All rights reserved.

No Result
View All Result
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources

© 2023 digitalcio.in - All rights reserved.

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?