Oracle Security Patches Update for Administrators

Published on 15 Jan 2020

Updated on 15 Jan 2020

Overview

Oracle has released 334 security patches to address vulnerabilities across multiple products. 43 of these vulnerabilities are rated critical/severe, with CVSS scores of 9.1 and above. Most of them are remotely exploitable without the need for authentication and user credentials.

Affected Products

Products that are affected by these vulnerabilities include:

  • Oracle Database Server

  • Oracle Communications Applications

  • Oracle Enterprise Manager

  • Oracle Fusion Middleware 

  • Oracle MySQL 

  • Oracle E-Business Suite 

  • Oracle PeopleSoft 

  • Oracle Siebel CRM

  • Oracle Construction and Engineering 

  • Oracle Financial Services Applications 

  • Oracle Food and Beverage Applications 

  • Oracle Health Sciences Applications

  • Oracle Hospitality Applications

  • Oracle iLearning

  • Oracle JD Edwards 

  • Oracle Utilities Applications 

  • Oracle Retail Applications 

  • Oracle Systems 

  • Oracle Hyperion 

  • Oracle Supply Chain 

  • Oracle GraalVM 

  • Oracle Virtualization 

  • Oracle Java SE

For the full list of versions and products that are affected by these vulnerabilities, please refer to the information provided by Oracle at https://www.oracle.com/security-alerts/cpujan2020.html.

 

Impact

An attacker could exploit some of these vulnerabilities to take control of the affected system by sending a malicious payload. This could result in a Denial of Service condition or the execution of arbitrary code on affected systems.

Recommendations

System administrators of affected Oracle products are strongly encouraged to install the security patches immediately.

 

References

[1] https://www.oracle.com/security-alerts/cpujan2020.html

[2] https://www.us-cert.gov/ncas/current-activity/2020/01/14/oracle-releases-january-2020-security-bulletin

[3] https://threatpost.com/oracle-cpu-all-time-patch-high-january/151861/