Oracle releases fixes for 443 vulnerabilities affecting 130 products. 100 flaws with CVSS score of 9.8 or higher

A few days ago, Oracle released its monthly security update, which fixes over 400 security vulnerabilities and includes 52 patches for Oracle Fusion Middleware. According to hacking course experts, other updated products include Oracle WebLogic, Oracle Coherence, Oracle BI Publisher, Oracle Endeca Information Discovery Studio and Oracle Business Intelligence Enterprise Edition, among others.

Of these hundreds of patches, 52 correct 48 remotely exploitable flaws.

Oracle WebLogic Server

The monthly update includes patches for 5 WebLogic deserialization vulnerabilities. Successful exploitation of these flaws allows unauthenticated threat actors to send specially crafted requests over the IIOP and T3 protocols in order to run arbitrary code on Oracle WebLogic Server.

Oracle Communications Applications

Patches for Oracle Communications Applications include 60 updates; 46 of these vulnerabilities could be remotely exploited without any interaction from the victim.

Oracle E-Business Suite

This product received 30 new security updates; among the corrected flaws, 24 can be remotely exploited without user authentication, as mentioned by hacking course specialists.

Oracle Enterprise Manager

The patch for Oracle Enterprise Manager includes 14 updates (10 critical flaws). Threat actors can exploit these flaws over the affected network without authenticating to the system.

Oracle Financial Services Applications

Researchers found 38 security flaws in Oracle Financial Services applications. Almost 30 of these flaws could be remotely exploited without user interaction or system authentication, so malicious hackers can attack affected implementations over the network.

Oracle MySQL

Oracle MySQL received 40 security patches to correct multiple vulnerabilities that could be remotely exploited. The attacks do not require user authentication on the affected system.

Oracle Database Server

The security patch contains 19 new updates for the Oracle Database server. Specialists point out that one of these flaws, tracked as CVE-2020-2968, could be exploited without user interaction; in addition, the attack does not require system access.

Updates are already available, so users of exposed Oracle implementations are encouraged to install them soon.