Wednesday, January 15, 2025
HomeCVE/vulnerabilityOracle Critical Patch Update Addresses 405 New Security Vulnerabilities - April 2020

Oracle Critical Patch Update Addresses 405 New Security Vulnerabilities – April 2020

Published on

Oracle released an emergency security update for another critical remote code execution vulnerability that can be exploited by the remote attacker to gain control over the system.

A pre-release announcement released by Oracle on Tuesday, April 14, 2020. The patch update addresses 405 new security vulnerabilities.

Here is the list of the products updated, Oracle recommends customers to apply a critical patch as soon as possible.

Here is the List of Affected products

9 new security vulnerabilities patched with Oracle Database Server. Out of them, 2 vulnerabilities can be exploited by a remote attacker without authentication.

The update covers 1 critical security vulnerability with Oracle Global Lifecycle Management, attackers can exploit the vulnerability by only having the user credentials.

1 vulnerability that exists with Oracle Secure Backup is patched, this vulnerability can be exploited by attackers remotely without authentication.

Oracle Communications Applications receive a high number of fixes, in total 39 security patches provided, out of the 35 can be exploited remotely without authentication.

Oracle Construction and Engineering receive patches for 12 security vulnerabilities, out of the 9 can be exploited remotely without authentication.

Among others Oracle E-Business Suite receives a high number of patches, in total, it has received 74 security patches, 71 of them can be exploited remotely.

Oracle Financial Services Applications receives 34 new security patches and the Oracle Fusion Middleware receives 56 new security patches.

The update covers 45 new security vulnerabilities with Oracle MySQL and the Oracle virtualization server patches for 19 security vulnerabilities.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Aembit Announces Speaker Lineup for the Inaugural NHIcon

Aembit, the non-human identity and access management (IAM) company, unveiled the full agenda for...

Sweet Security Introduces Patent-Pending LLM-Powered Detection Engine, Reducing Cloud Detection Noise to 0.04%

Sweet Security, a leader in cloud runtime detection and response, today announced the launch...

ShadowSyndicate Hackers Added RansomHub Ransomware to their Arsenal

ShadowSyndicate is a prolific threat actor that has been active since July 2022, collaborated...

5,000 WordPress Sites Hacked in New WP3.XYZ Malware Attack

Widespread malware campaigns detected by side crawlers exploit vulnerabilities on multiple websites where the...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

PoC Exploit Released for Critical macOS Sandbox Vulnerability (CVE-2024-54498)

A proof-of-concept (PoC) exploit has been publicly disclosed for a critical vulnerability impacting macOS...

IBM Robotic Process Automation Vulnerability Let Attackers Obtain Sensitive Data

A newly disclosed security vulnerability in IBM Robotic Process Automation (RPA) has raised concerns about potential...

IBM Watsonx.ai Vulnerability Let Attackers Trigger XSS Attacks

A recently disclosed vulnerability, identified as CVE-2024-49785, has been found in IBM watsonx.ai, including its...