Wednesday, December 6, 2023

Oracle Released Biggest Security Updates – 284 Vulnerabilities are Fixed that Affected Oracle Products

Oracle released one of its biggest security updates, with fixes for 284 security vulnerabilities that affected Oracle products.

A total of 93 different products and versions are affected by vulnerabilities of varying severity, and Oracle has released updates for users.

Affected products include Enterprise Manager, Java SE, MySQL, JD Edwards, Oracle Supply Chain Products, Database, E-Business Suite, Retail Applications, Virtualization, Oracle Banking Platform and more.

Oracle said that Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory.

In some earlier instances, attackers have exploited vulnerabilities in Oracle products because targeted customers had failed to apply available Oracle patches.

All 284 vulnerabilities are fixed in the released updates, and Oracle strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.

Some of the vulnerabilities could be exploited to allow an attacker to take complete control of the vulnerable system, so applying the patches as soon as possible will reduce the risk of a successful attack by blocking network protocols required by an attack.

Several vulnerabilities addressed in this Critical Patch Update affect multiple products, and a CVE has been assigned to each vulnerability.

According to Oracle, “Oracle conducts an analysis of each security vulnerability addressed by a Critical Patch Update. Oracle does not disclose detailed information about this security analysis to customers, but the resulting Risk Matrix and associated documentation provide information about the type of vulnerability, the conditions required to exploit it, and the potential impact of a successful exploit.”

Oracle Security Updates List

Affected Products and Versions | Patch Availability Document
Enterprise Manager Base Platform, versions 13.2, 13.3 | Enterprise Manager
Enterprise Manager for Virtualization, versions 13.2.2, 13.2.3, 13.3.1 | Enterprise Manager
Enterprise Manager Ops Center, versions 12.2.2, 12.3.3 | Enterprise Manager
Hyperion BI+, version | Middleware
Java Advanced Management Console, version 2.12 | Java SE
JD Edwards EnterpriseOne Tools, version 9.2 | JD Edwards
JD Edwards World Security, versions A9.3, A9.3.1, A9.4 | JD Edwards
MySQL Connectors, versions 2.1.8 and prior, 8.0.13 and prior | MySQL
MySQL Enterprise Monitor, versions 4.0.7 and prior, 8.0.13 and prior | MySQL
MySQL Server, versions 5.6.42 and prior, 5.7.24 and prior, 8.0.13 and prior | MySQL
MySQL Workbench, versions 8.0.13 and prior | MySQL
Oracle Agile Engineering Data Management, versions 6.1.3, 6.2.0, 6.2.1 | Oracle Supply Chain Products
Oracle Agile PLM, versions 9.3.3, 9.3.4, 9.3.5, 9.3.6 | Oracle Supply Chain Products
Oracle Agile Product Lifecycle Management for Process, versions,,,, | Supply Chain Products
Oracle API Gateway, version | Middleware
Oracle Application Testing Suite, versions,,, | Manager
Oracle Argus Safety, versions 8.1, 8.2 | Health Sciences
Oracle Banking Platform, versions 2.5.0, 2.6.0, 2.6.1, 2.6.2 | Oracle Banking Platform
Oracle Business Process Management Suite, versions,, | Middleware
Oracle Communications Billing and Revenue Management, versions 7.5, 12.0 | Oracle Communications Billing and Revenue Management
Oracle Communications Converged Application Server, versions prior to | Communications Converged Application Server
Oracle Communications Converged Application Server – Service Controller, version 6.1 | Oracle Communications Converged Application Server – Service Controller
Oracle Communications Diameter Signaling Router (DSR), versions prior to 8.3 | Oracle Communications Diameter Signaling Router
Oracle Communications Online Mediation Controller, version 6.1 | Oracle Communications Online Mediation Controller
Oracle Communications Performance Intelligence Center (PIC) Software, versions prior to 10.2.1 | Oracle Communications Performance Intelligence Center (PIC) Software
Oracle Communications Policy Management, versions prior to 12.5 | Oracle Communications Policy Management
Oracle Communications Service Broker, version 6.0 | Oracle Communications Service Broker
Oracle Communications Services Gatekeeper, versions prior to | Communications Services Gatekeeper
Oracle Communications Session Border Controller, versions SCz7.4.0, SCz7.4.1, SCz8.0.0, SCz8.1.0 | Oracle Communications Session Border Controller
Oracle Communications Unified Inventory Management, versions prior to 7.4.0 | Oracle Communications Unified Inventory Management
Oracle Communications Unified Session Manager, version SCz7.3.5 | Oracle Communications Unified Session Manager
Oracle Communications WebRTC Session Controller, versions prior to 7.2 | Oracle Communications WebRTC Session Controller
Oracle Database Server, versions,,, 18c | Database
Oracle E-Business Suite, versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | E-Business Suite
Oracle Endeca Server, version 7.7.0 | Fusion Middleware
Oracle Enterprise Communications Broker, versions PCz2.1, PCz2.2, PCz3.0 | Oracle Enterprise Communications Broker
Oracle Enterprise Repository, version | Middleware
Oracle Enterprise Session Border Controller, versions ECz7.4.0, ECz7.5.0, ECz8.0.0, ECz8.1.0 | Oracle Enterprise Session Border Controller
Oracle Financial Services Analytical Applications Infrastructure, versions 7.3.3, 7.3.5, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7 | Oracle Financial Services Analytical Applications Infrastructure
Oracle FLEXCUBE Direct Banking, version 12.0.2 | Oracle Financial Services Applications
Oracle FLEXCUBE Investor Servicing, versions 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 | Oracle Financial Services Applications
Oracle Fusion Middleware MapViewer, version | Middleware
Oracle GoldenGate Application Adapters, version | Middleware
Oracle Health Sciences Information Manager, version 3.0 | Health Sciences
Oracle Healthcare Foundation, versions 7.1, 7.2 | Health Sciences
Oracle Healthcare Master Person Index, versions 3.0, 4.0 | Health Sciences
Oracle Hospitality Cruise Fleet Management, version 9.0.10 | Oracle Hospitality Cruise Fleet Management
Oracle Hospitality Cruise Shipboard Property Management System, version 8.0.8 | Oracle Hospitality Cruise Shipboard Property Management System
Oracle Hospitality Reporting and Analytics, version 9.1.0 | Oracle Hospitality Reporting and Analytics
Oracle Hospitality Simphony, version 2.10 | Oracle Hospitality Simphony
Oracle HTTP Server, version | Middleware
Oracle Insurance Calculation Engine, version 10.2 | Oracle Insurance Applications
Oracle Insurance Insbridge Rating and Underwriting, versions 5.2, 5.4, 5.5 | Oracle Insurance Applications
Oracle Insurance Policy Administration J2EE, versions 10.0, 10.2 | Oracle Insurance Applications
Oracle Insurance Rules Palette, versions 10.0, 10.2 | Oracle Insurance Applications
Oracle Java SE, versions 7u201, 8u192, 11.0.1 | Java SE
Oracle Java SE Embedded, version 8u191 | Java SE
Oracle Managed File Transfer, versions, | Middleware
Oracle Outside In Technology, versions 8.5.3, 8.5.4 | Fusion Middleware
Oracle Reports Developer, version | Middleware
Oracle Retail Back Office, versions 13.3, 13.4, 14.0, 14.1 | Retail Applications
Oracle Retail Convenience and Fuel POS Software, version 2.8.1 | Retail Applications
Oracle Retail Customer Insights, versions 15.0, 16.0 | Retail Applications
Oracle Retail Integration Bus, version 17.0 | Retail Applications
Oracle Retail Merchandising System, version 14.1 | Retail Applications
Oracle Retail Returns Management, versions 13.3, 13.4, 14.0, 14.1 | Retail Applications
Oracle Retail Sales Audit, version 15.0 | Retail Applications
Oracle Retail Service Backbone, versions 13.1, 13.2, 14.0, 14.1, 15.0, 16.0 | Retail Applications
Oracle Retail Workforce Management Software, versions 1.60.9, 1.64.0 | Retail Applications
Oracle Retail Xstore Payment, version 3.3 | Retail Applications
Oracle Secure Global Desktop (SGD), version 5.4 | Virtualization
Oracle Service Architecture Leveraging Tuxedo, versions, | Middleware
Oracle SOA Suite, versions, | Middleware
Oracle Solaris, versions 10, 11 | Systems
Oracle Transportation Management, versions 6.3.7, 6.4.1, 6.4.2, 6.4.3 | Oracle Supply Chain Products
Oracle Utilities Framework, version | Utilities Applications
Oracle Utilities Network Management System, versions,,, | Utilities Applications
Oracle VM VirtualBox, versions prior to 5.2.24, prior to 6.0.2 | Virtualization
Oracle Web Cache, version | Middleware
Oracle WebCenter Portal, versions, | Middleware
Oracle WebCenter Sites, version | Middleware
Oracle WebLogic Server, versions,, | Middleware
OSS Support Tools, versions prior to 19.1 | Support Tools
PeopleSoft Enterprise CC Common Application Objects, version 9.2 | PeopleSoft
PeopleSoft Enterprise CS Campus Community, versions 9.0, 9.2 | PeopleSoft
PeopleSoft Enterprise HCM eProfile Manager Desktop, version 9.2 | PeopleSoft
PeopleSoft Enterprise PeopleTools, versions 8.55, 8.56, 8.57 | PeopleSoft
PeopleSoft Enterprise SCM eProcurement, version 9.2 | PeopleSoft
Primavera P6 Enterprise Project Portfolio Management, versions 8.4, 15.1, 15.2, 16.1, 16.2, 17.7-17.12, 18.8 | Oracle Construction and Engineering Suite
Primavera Unifier, versions 16.1, 16.2, 17.1-17.12, 18.8 | Oracle Construction and Engineering Suite
Siebel Applications, versions 18.10, 18.11 | Siebel
Sun ZFS Storage Appliance Kit (AK), versions prior to 8.8.2 | Systems
Tape Library ACSLS, version 8.4 | Systems

Along with this, Oracle also released a Security Alert Advisory for CVE-2018-11776 in Apache Struts 2, a third-party component. The vulnerability allows an attacker to exploit it remotely over the network without authentication, that is, without user credentials.

See also the Solaris Third Party Bulletins, Oracle Linux Bulletins, and Oracle VM Server for x86 Bulletins.

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
