400 vulnerabilities reported on Oracle, update your servers before hackers take control of them

Despite declining global activities, reports of security flaws in technological developments continue to appear. Cloud security course experts mention that Oracle quarterly security update includes fixes for 405 different vulnerabilities, of which 286 can be exploited remotely.

The announcement about the update, released on Monday, mentions that a total of 13 Oracle products have security flaws that received 9.8/10 scores on the scale of the Common Vulnerability Scoring System (CVSS), including Oracle Financial Services Applications, Oracle MySQL, Oracle Retail Applications, and Oracle Support Tools.

On its own, the Oracle Fusion Middleware product will need to fix 49 vulnerabilities that could be exploited by remote threat actors without authentication. In other words, the flaws can be exploited on a network without requiring privileged user credentials, cloud security course specialists mention.

On the other hand, users of the Oracle Fusion Middleware software family will need to install a total of 56 security patches that affect nearly 20 related services, including Identity Manager Connector (v. 9.0), Big Data Discovery (v. 1.6) and WebCenter Portal (v. 11.1.1.9. 0, 12.2.1.3.0, 12.2.1.4.0).

This bulk update also includes patches to fix moderately serious security flaws. Fifteen of these moderate security flaws received a score of 8.5/10 on the CVSS scale and can be exploited remotely by an unauthenticated hacker, cloud security course specialists mention. Additional technical details for each of these vulnerabilities will be released next Thursday.

Finally, Oracle also included fixes for 34 critical vulnerabilities in the Oracle Financial Services suite, of which 14 are remotely exploitable. In addition, 45 security flaws were found in Oracle MySQL that could be exploitable remotely; one of these flaws received a score of 9.8/10 on the CVSS scale. 

The report concludes by mentioning that the Oracle Database Server line contains nine security errors, two are remotely exploitable, and received a score of 8/10 on the CVSS scale. Oracle received no reports of exploit attempts for any of these flaws, but urges affected deployment administrators to install the appropriate updates as soon as possible.

For further reports on vulnerabilities, exploits, malware variants and information security risks you can access the Website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.