April 19, 2023

Oracle Patches 72 Critical Vulnerabilities Across a Wide Variety of Products

As part of their quarterly report, Oracle published a critical advisory including a collection of patches for various security vulnerabilities.

These patches address issues in Oracle code as well as third-party components used in Oracle products.

The Vulnerabilities

A total of 433 vulnerabilities have been patched, 72 of which are critical, some of which may allow a malicious attacker to execute remote code (RCE) without authentication.

The full list of vulnerabilities can be seen here.

Affected Products

The vulnerabilities were identified in a wide range of products, falling into the following categories:

• Oracle GoldenGate
• Oracle Fusion Middleware
• Oracle Health Sciences
• Oracle HealthCare Applications
• Oracle iLearning
• Oracle Java SE
• Oracle JD Edwards
• Oracle Management Cloud Engine
• Oracle MySQL
• NoSQL Database
• Oracle Analytics
• Oracle Blockchain Platform
• Oracle Commerce
• Oracle Communications Applications
• Oracle Construction and Engineering Suite
• Oracle E-Business Suite
• Oracle GraalVM
• Oracle Enterprise Applications
• Oracle Enterprise Manager
• Oracle Enterprise Performance Management
• Oracle Financial Services Applications
• Oracle Hospitality OPERA 5 Property Services
• Oracle Insurance Applications
• Oracle SD-WAN Aware
• Oracle SD-WAN Edge
• Oracle Supply Chain Products
• Oracle Utilities Applications
• Oracle PeopleSoft
• Oracle Retail Applications
• Oracle Siebel
• Oracle Systems
• Oracle Virtualization
• Oracle NoSQL Database
• Oracle Database

Mitigation

CYREBRO recommends to applying the security patches as soon as possible.

References: Oracle Advisory