This Oracle Critical Patch Update is a collection of patches for multiple security vulnerabilities, comprising 327 new security patches. Some of the vulnerabilities addressed this month impact various products. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. We urge customers to apply these time-sensitive Oracle Critical Patch Updates.

In the Q1 2023 Oracle Critical Patch Update, the Oracle Communications product suite recorded the highest number of patches at 79, constituting 24% of the total patches released. The Oracle Fusion Middleware and Oracle Communications Applications product lines followed, with 50 and 39 patches, respectively, representing 15% and 12% of the total patches issued. Oracle MySQL also receives 37 new security updates. 252 of the 327 security patches, or about 77%, are for non-Oracle CVEs, which are security fixes for issues in third-party products (e.g., open-source components) that are included and exploitable in the context of their Oracle product distributions.

Oracle has released its first quarterly update of 2023, addressing 327 new security patches across 29 product families: Oracle MySQL, Oracle JD Edwards, Oracle Java SE, Oracle Insurance Applications, Oracle Fusion Middleware, Oracle Food and Beverage Applications, Oracle Financial Services Applications, Oracle Enterprise Manager, Oracle E-Business Suite, Oracle Hyperion, Oracle Hospitality Applications, Oracle HealthCare Applications, Oracle Health Sciences Applications, Oracle Virtualization, Oracle Utilities Applications, Oracle Systems, Oracle Support Tools, Oracle Supply Chain, Oracle Siebel CRM, Oracle Retail Applications, Oracle PeopleSoft, Oracle Construction and Engineering, Oracle Communications, Oracle Communications Applications, Oracle Commerce, Oracle TimesTen In-Memory Database, Oracle GoldenGate, Oracle Essbase, Oracle Database Server.

Qualys has released eleven (11) QIDs, starting with IP scanning version VULNSIGS-2.5.678-3/VULNSIGS-2.5.680-2 and Linux Cloud Agent manifest version lx_manifest-2.5.678.3-2/lx_manifest-2.5.680.2-1. Should additional QIDs be released, they will be added to the table below as they become available:

Oracle WebLogic Server Multiple Vulnerabilities (CPUJAN2023)
Oracle Database 19c Critical Patch Update – January 2023
Oracle Database 21c Critical Patch Update – January 2023
Oracle MySQL January 2023 Critical Patch Update (CPUJAN2023)
Oracle Java Standard Edition (SE) Critical Patch Update – January 2023 (CPUJAN2023)
Oracle Database 19c Critical OJVM Patch Update – January 2023
Oracle Solaris 11.4 Support Repository Update (SRU) 53.132.2 Missing (CPUJAN2023)
Oracle VM VirtualBox Linux Multiple Vulnerabilities (CPUJAN2023)
Oracle Coherence January 2023 Critical Patch Update (CPUJAN2023)
Oracle MySQL Connectors 8.0.x Denial of Service (DoS) Vulnerability (CPUJAN2023)

Notable Oracle Vulnerabilities Patched

Oracle Database Server

The Critical Patch Update for Oracle Database Products contains 9 new security patches. The vulnerability identified as CVE-2023-21893, with a CVSS v3.1 score of 7.5, in Oracle Data Provider for .NET for Oracle Database Server may be remotely exploitable without authentication. An attacker with network access via TCPS can exploit this vulnerability over a network, without requiring user credentials, to compromise Oracle Data Provider for .NET. This vulnerability is difficult to exploit, and successful attacks require human interaction from someone other than the attacker. Successful attacks of this vulnerability can result in the takeover of Oracle Data Provider for .NET. The Oracle Database Server components and versions affected by the vulnerability: Oracle Database Server, versions 19c, 21c. This applies to Database client-only installations on the Windows platform.

The Critical Patch Update for Oracle Essbase Products contains 2 new security patches. One of these vulnerabilities may be remotely exploitable without authentication.