A few days ago, Oracle released its monthly security update, which fixes over 400 security vulnerabilities and includes 52 patches for Oracle Fusion Middleware. According to hacking course experts, other updated products include Oracle WebLogic, Oracle Coherence, Oracle BI Publisher, Oracle Endeca Information Discovery Studio and Oracle Business Intelligence Enterprise Edition, among others.
Of these hundreds of patches, 52 correct 48 remotely exploitable flaws.
Oracle WebLogic Server
The monthly update includes patches for 5 WebLogic deserialization vulnerabilities. Successful exploitation of these flaws allows unauthenticated threat actors to send specially crafted requests over the IIOP and T3 protocols in order to run arbitrary code on Oracle WebLogic Server.
Oracle Communications Applications
Patches for Oracle Communications Applications include 60 updates; 46 of these vulnerabilities could be exploited remotely without any victim interaction.
Oracle E-Business Suite
This product received 30 new security updates; among the corrected flaws, 24 can be exploited remotely without user authentication, as mentioned by hacking course specialists.
Oracle Enterprise Manager
The patch for Oracle Enterprise Manager includes 14 updates (10 critical flaws). Threat actors can exploit these flaws over the affected network without authenticating to the system.
Oracle Financial Services Applications
Researchers found 38 security flaws in Oracle Financial Services applications. Almost 30 of these flaws could be exploited remotely without user interaction or system authentication, so malicious hackers can attack affected implementations over the network.
Oracle MySQL received 40 security patches to correct multiple vulnerabilities, which could be remotely exploited. The attacks do not require user authentication on the affected system.
Oracle Database Server
The security patch contains 19 new updates for the Oracle Database server. Specialists point out that one of these flaws, tracked as CVE-2020-2968, could be exploited without user interaction; in addition, the attack does not require system access.
Updates are already available, so users of exposed Oracle implementations are encouraged to install them soon. For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to visit the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.