DigitalCIO
No Result
View All Result
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
DigitalCIO
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
No Result
View All Result
Digitalcio
No Result
View All Result
Home Tech News

Oracle Patches Record 334 Vulnerabilities

DigitalCIO Bureau by DigitalCIO Bureau
July 18, 2018
in Tech News
0
74
SHARES
1.2k
VIEWS
Share on FacebookShare on Twitter

Oracle this week released its July 2018 set of patches to address a total of 334 security vulnerabilities, the largest number of flaws resolved with a Critical Patch Update (CPU) to date. Over 200 of the bugs may be remotely exploitable without authentication.

This month, 23 products from the enterprise security giant were patched, including E-Business Suite, Financial Services Applications, Fusion Middleware, Hospitality Applications, Java SE, MySQL, PeopleSoft Products, Retail Applications, Siebel CRM, and the Sun Systems Products Suite.

More than 50 of the flaws addressed this month had a CVSS 3.0 Base Score of 9.8. Overall, 61 security bugs had a CVSS score of 9.0 or above, according to Oracle’s advisory.

A total of 203 vulnerabilities were patched in business-critical applications, around 65% of which could be exploited remotely without entering credentials, ERPScan, a company that specializes in securing Oracle and SAP applications, points out.

This month, Financial Services Applications received the largest number of fixes, at 56. 21 of these vulnerabilities may be remotely exploitable without authentication.

Fusion Middleware received the second largest number of patches, at 44, with 38 of the addressed issues remotely exploitable without authentication.

Next in line are Retail Applications at 31 fixes (26 flaws being remotely exploitable) and MySQL, also with 31 patches (only 7 bugs remotely exploitable), followed by Hospitality Applications with 24 fixes (7 issues remotely exploitable), Sun Systems Products Suite at 22 patches (10 flaws remotely exploitable), and Enterprise Manager Products Suite with 16 fixes (all remotely exploitable without authentication).

Oracle also addressed vulnerabilities in PeopleSoft Products (15 bugs – 11 remotely exploitable without authentication), E-Business Suite (14 flaws – 13 remotely exploitable), Communications Applications (14 – 10), Virtualization (12 – 2), Construction and Engineering Suite (11 – 6), JD Edwards Products (10 – 9), Java SE (8 – 8), and Supply Chain Products Suite (8 – 6).

The least impacted products include Utilities Applications (4 vulnerabilities – 3 remotely exploitable without authentication), Policy Automation (3 flaws – all remotely exploitable), and Database Server (3 – 1).

Some of the most important issues addressed this month could be exploited remotely to take over the impacted application: CVE-2017-15095 in Oracle Spatial, CVE-2018-7489 in Global Lifecycle Management OPatchAuto component, CVE-2018-2943 in Fusion Middleware MapViewer, CVE-2018-2894 in WebLogic Server, and CVE-2017-5645 in PeopleSoft Enterprise FIN Install.

In late June, Oracle announced the availability of patches for new variants of the speculative execution attack methods known as Meltdown and Spectre. The company released the first set of mitigations against Spectre and Meltdown as part of the January 2018 CPU.

All Oracle customers are advised to apply the fixes included in Oracle’s Critical Patch Updates without delay, as some of the addressed vulnerabilities are being targeted by malicious actors in live attacks.

“Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches,” the company notes.

Share30Tweet19
DigitalCIO Bureau

DigitalCIO Bureau

Recommended For You

Okaya Power Group Appoints Prakash Dharmani as CIO

by DigitalCIO Bureau
July 9, 2025
0
Okaya Power Group Appoints Prakash Dharmani as CIO

Prakash Dharmani has joined Okaya Power Group as its new Chief Information Officer (CIO). With over 33 years of experience across industries such as petrochemicals, refining, specialty packaging,...

Read moreDetails

Total Unique Malware Increases By 171%: WatchGuard

by DigitalCIO Bureau
July 9, 2025
0
OpenText Names LockBit  Nastiest Malware Of 2024

New WatchGuard research reveals 171% increase in total unique malware as attackers defy traditional defenses. Other key findings show an increase in email-borne malware threats, a rise in...

Read moreDetails

Dassault Systèmes Acquires Ascon Qube To Extend Virtual Twin Offering

by DigitalCIO Bureau
July 9, 2025
0

Dassault Systèmes has acquired the Ascon Qube technology from Ascon Systems Holding GmbH, a developer of software-defined automation systems.  The acquisition of Ascon Qube accelerates Dassault Systèmes’ leadership...

Read moreDetails

July 2025 Patch Tuesday: Comment from Satnam Narang, Sr. Staff Research Engineer, Tenable

by DigitalCIO Bureau
July 9, 2025
0
Microsoft Patch Tuesday 2023 Wrapped

"For the third consecutive July, Microsoft patched over 125 CVEs: 130 in 2023, 138 in 2024, and 127 in 2025. This month's count is well above the average...

Read moreDetails

Barracuda Unveils Backup Solution For Entra ID

by DigitalCIO Bureau
July 9, 2025
0

Barracuda Networks has announced the launch of Barracuda Entra ID Backup Premium – a comprehensive, cost-effective solution to safeguard Microsoft Entra ID environments from accidental and malicious data loss. With...

Read moreDetails
Next Post

Huawei Nova 3i Launched

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Related News

Google Cloud has acquired this IT company

February 21, 2020
LRN Appoints New Leadership For Asia-Pacific Region

Motorola India appoints T M Narasimhan as Managing Director – Mobile Business Group

January 3, 2024

Microsoft launches new program for B2B startups

February 24, 2020

Browse by Category

  • Acquisition
  • Appointment
  • Archive
  • Artificial Intelligence
  • CIO Interviews
  • Cloud
  • Datacenter
  • Events and Conferences
  • Market Insights
  • News
  • Opinion and Analysis
  • Products
  • Resources
  • Security
  • Storage
  • Tech News
  • Telecom
Digitalcio

Welcome to DigitalCIO, your ultimate source for staying ahead in the ever-evolving world of technology and business.

BROWSE BY TAG

Acquisition AI Appointment artificial intelligence Artificial Intelligence and Machine Learning AWS Barracuda Big Data and Analytics Blockchain CISCO Cloud Computing Cloudflare Commvault CrowdStrike Cybersecurity Digital Transformation Dynatrace E-books Fortinet Gartner GenAI Generative AI Google Cloud HCLTech Honeywell IBM Infographics Internet of Things (IoT) Kaspersky Microsoft Netskope NTT DATA Palo Alto Networks Panel Discussion Qlik Salesforce ServiceNow Sophos Tenable Trend Micro Veeam Veeam Software Webinars Whitepaper Zscaler

CATEGORIES

  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
  • Archive

NAVIGATION

  • Home
  • About Us
  • Advertise with Us
  • Contact Us

© 2024 digitalcio.in - All rights reserved.

No Result
View All Result
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources

© 2024 digitalcio.in - All rights reserved.

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?