Oracle Security Patches Update for Administrators

Overview

Oracle has released 334 security patches to address vulnerabilities across multiple products. 43 of these vulnerabilities are rated critical/severe with a CVSS scores of 9.1 and above. Most of them are remotely exploitable without the need for authentication and user credentials.

Affected Products

Products that are affected by these vulnerabilities include:

• Oracle Database Server

• Oracle Communications Applications

• Oracle Enterprise Manager

• Oracle Fusion Middleware 

• Oracle MySQL 

• Oracle E-Business Suite 

• Oracle PeopleSoft 

• Oracle Siebel CRM

• Oracle Construction and Engineering 

• Oracle Financial Services Applications 

• Oracle Food and Beverage Applications 

• Oracle Health Sciences Applications

• Oracle Hospitality Applications

• Oracle iLearning; 

• Oracle JD Edwards 

• Oracle Utilities Applications

• Oracle Retail Applications

• Oracle Systems

• Oracle Hyperion

• Oracle Supply Chain 

• Oracle GraalVM

• Oracle Virtualization

• Oracle Java SE

For the full list of versions and products that are affected by these vulnerabilities, please refer to the information provided by Oracle at https://www.oracle.com/security-alerts/cpujan2020.html.

Impact

An attacker could exploit some of these vulnerabilities to take control of the affected system by sending a malicious payload. This could result in a Denial of Service condition or the execution of arbitrary codes on affected systems.

Recommendations

System administrators of affected Oracle products are strongly encouraged to install the security patches immediately.

References

[1] https://www.oracle.com/security-alerts/cpujan2020.html

[2] https://www.us-cert.gov/ncas/current-activity/2020/01/14/oracle-releases-january-2020-security-bulletin

[3] https://threatpost.com/oracle-cpu-all-time-patch-high-january/151861/