Friday, March 29, 2024

Oracle Released Biggest Security Updates – 284 Vulnerabilities are Fixed that Affected Oracle Products

Oracle released one of its biggest security updates, with fixes for 284 security vulnerabilities that affected Oracle products.

93 different products and versions are affected by vulnerabilities of varying severity, and Oracle has released updates for users.

Affected products include Enterprise Manager, Java SE, MySQL, JD Edwards, Oracle Supply Chain Products, Database, E-Business Suite, Retail Applications, Virtualization, Oracle Banking Platform and more.

Oracle said that Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory.

In some earlier instances, attackers exploited vulnerabilities in Oracle products because targeted customers had failed to apply available Oracle patches.

Fixes for all 284 vulnerabilities have been released, and Oracle strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.

Some of the vulnerabilities could allow an attacker to take complete control of the vulnerable system, so the patches should be applied as soon as possible. Until they are applied, the risk of a successful attack can be reduced by blocking the network protocols an attack requires.

Several vulnerabilities addressed in this Critical Patch Update affect multiple products, and a CVE has been assigned to each vulnerability.

According to Oracle, “Oracle conducts an analysis of each security vulnerability addressed by a Critical Patch Update. Oracle does not disclose detailed information about this security analysis to customers, but the resulting Risk Matrix and associated documentation provide information about the type of vulnerability, the conditions required to exploit it, and the potential impact of a successful exploit.”

Oracle Security Updates List

| Affected Products and Versions | Patch Availability Document |
|---|---|
| Enterprise Manager Base Platform, versions 12.1.0.5, 13.2, 13.3 | Enterprise Manager |
| Enterprise Manager for Virtualization, versions 13.2.2, 13.2.3, 13.3.1 | Enterprise Manager |
| Enterprise Manager Ops Center, versions 12.2.2, 12.3.3 | Enterprise Manager |
| Hyperion BI+, version 11.1.2.4 | Fusion Middleware |
| Java Advanced Management Console, version 2.12 | Java SE |
| JD Edwards EnterpriseOne Tools, version 9.2 | JD Edwards |
| JD Edwards World Security, versions A9.3, A9.3.1, A9.4 | JD Edwards |
| MySQL Connectors, versions 2.1.8 and prior, 8.0.13 and prior | MySQL |
| MySQL Enterprise Monitor, versions 4.0.7 and prior, 8.0.13 and prior | MySQL |
| MySQL Server, versions 5.6.42 and prior, 5.7.24 and prior, 8.0.13 and prior | MySQL |
| MySQL Workbench, versions 8.0.13 and prior | MySQL |
| Oracle Agile Engineering Data Management, versions 6.1.3, 6.2.0, 6.2.1 | Oracle Supply Chain Products |
| Oracle Agile PLM, versions 9.3.3, 9.3.4, 9.3.5, 9.3.6 | Oracle Supply Chain Products |
| Oracle Agile Product Lifecycle Management for Process, versions 6.2.0.0, 6.2.1.0, 6.2.2.0, 6.2.3.0, 6.2.3.1 | Oracle Supply Chain Products |
| Oracle API Gateway, version 11.1.2.4.0 | Fusion Middleware |
| Oracle Application Testing Suite, versions 12.5.0.3, 13.1.0.1, 13.2.0.1, 13.3.0.1 | Enterprise Manager |
| Oracle Argus Safety, versions 8.1, 8.2 | Health Sciences |
| Oracle Banking Platform, versions 2.5.0, 2.6.0, 2.6.1, 2.6.2 | Oracle Banking Platform |
| Oracle Business Process Management Suite, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0 | Fusion Middleware |
| Oracle Communications Billing and Revenue Management, versions 7.5, 12.0 | Oracle Communications Billing and Revenue Management |
| Oracle Communications Converged Application Server, versions prior to 7.0.0.1 | Oracle Communications Converged Application Server |
| Oracle Communications Converged Application Server – Service Controller, version 6.1 | Oracle Communications Converged Application Server – Service Controller |
| Oracle Communications Diameter Signaling Router (DSR), versions prior to 8.3 | Oracle Communications Diameter Signaling Router |
| Oracle Communications Online Mediation Controller, version 6.1 | Oracle Communications Online Mediation Controller |
| Oracle Communications Performance Intelligence Center (PIC) Software, versions prior to 10.2.1 | Oracle Communications Performance Intelligence Center (PIC) Software |
| Oracle Communications Policy Management, versions prior to 12.5 | Oracle Communications Policy Management |
| Oracle Communications Service Broker, version 6.0 | Oracle Communications Service Broker |
| Oracle Communications Services Gatekeeper, versions prior to 6.1.0.4.0 | Oracle Communications Services Gatekeeper |
| Oracle Communications Session Border Controller, versions SCz7.4.0, SCz7.4.1, SCz8.0.0, SCz8.1.0 | Oracle Communications Session Border Controller |
| Oracle Communications Unified Inventory Management, versions prior to 7.4.0 | Oracle Communications Unified Inventory Management |
| Oracle Communications Unified Session Manager, version SCz7.3.5 | Oracle Communications Unified Session Manager |
| Oracle Communications WebRTC Session Controller, versions prior to 7.2 | Oracle Communications WebRTC Session Controller |
| Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c | Database |
| Oracle E-Business Suite, versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | E-Business Suite |
| Oracle Endeca Server, version 7.7.0 | Fusion Middleware |
| Oracle Enterprise Communications Broker, versions PCz2.1, PCz2.2, PCz3.0 | Oracle Enterprise Communications Broker |
| Oracle Enterprise Repository, version 12.1.3.0.0 | Fusion Middleware |
| Oracle Enterprise Session Border Controller, versions ECz7.4.0, ECz7.5.0, ECz8.0.0, ECz8.1.0 | Oracle Enterprise Session Border Controller |
| Oracle Financial Services Analytical Applications Infrastructure, versions 7.3.3, 7.3.5, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7 | Oracle Financial Services Analytical Applications Infrastructure |
| Oracle FLEXCUBE Direct Banking, version 12.0.2 | Oracle Financial Services Applications |
| Oracle FLEXCUBE Investor Servicing, versions 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 | Oracle Financial Services Applications |
| Oracle Fusion Middleware MapViewer, version 12.2.1.3.0 | Fusion Middleware |
| Oracle GoldenGate Application Adapters, version 12.3.2.1.1 | Fusion Middleware |
| Oracle Health Sciences Information Manager, version 3.0 | Health Sciences |
| Oracle Healthcare Foundation, versions 7.1, 7.2 | Health Sciences |
| Oracle Healthcare Master Person Index, versions 3.0, 4.0 | Health Sciences |
| Oracle Hospitality Cruise Fleet Management, version 9.0.10 | Oracle Hospitality Cruise Fleet Management |
| Oracle Hospitality Cruise Shipboard Property Management System, version 8.0.8 | Oracle Hospitality Cruise Shipboard Property Management System |
| Oracle Hospitality Reporting and Analytics, version 9.1.0 | Oracle Hospitality Reporting and Analytics |
| Oracle Hospitality Simphony, version 2.10 | Oracle Hospitality Simphony |
| Oracle HTTP Server, version 12.2.1.3 | Fusion Middleware |
| Oracle Insurance Calculation Engine, version 10.2 | Oracle Insurance Applications |
| Oracle Insurance Insbridge Rating and Underwriting, versions 5.2, 5.4, 5.5 | Oracle Insurance Applications |
| Oracle Insurance Policy Administration J2EE, versions 10.0, 10.2 | Oracle Insurance Applications |
| Oracle Insurance Rules Palette, versions 10.0, 10.2 | Oracle Insurance Applications |
| Oracle Java SE, versions 7u201, 8u192, 11.0.1 | Java SE |
| Oracle Java SE Embedded, version 8u191 | Java SE |
| Oracle Managed File Transfer, versions 12.2.1.3.0, 19.1.0.0.0 | Fusion Middleware |
| Oracle Outside In Technology, versions 8.5.3, 8.5.4 | Fusion Middleware |
| Oracle Reports Developer, version 12.2.1.3 | Fusion Middleware |
| Oracle Retail Back Office, versions 13.3, 13.4, 14.0, 14.1 | Retail Applications |
| Oracle Retail Convenience and Fuel POS Software, version 2.8.1 | Retail Applications |
| Oracle Retail Customer Insights, versions 15.0, 16.0 | Retail Applications |
| Oracle Retail Integration Bus, version 17.0 | Retail Applications |
| Oracle Retail Merchandising System, version 14.1 | Retail Applications |
| Oracle Retail Returns Management, versions 13.3, 13.4, 14.0, 14.1 | Retail Applications |
| Oracle Retail Sales Audit, version 15.0 | Retail Applications |
| Oracle Retail Service Backbone, versions 13.1, 13.2, 14.0, 14.1, 15.0, 16.0 | Retail Applications |
| Oracle Retail Workforce Management Software, versions 1.60.9, 1.64.0 | Retail Applications |
| Oracle Retail Xstore Payment, version 3.3 | Retail Applications |
| Oracle Secure Global Desktop (SGD), version 5.4 | Virtualization |
| Oracle Service Architecture Leveraging Tuxedo, versions 12.1.3.0.0, 12.2.2.0.0 | Fusion Middleware |
| Oracle SOA Suite, versions 12.1.3.0.0, 12.2.1.3.0 | Fusion Middleware |
| Oracle Solaris, versions 10, 11 | Systems |
| Oracle Transportation Management, versions 6.3.7, 6.4.1, 6.4.2, 6.4.3 | Oracle Supply Chain Products |
| Oracle Utilities Framework, version 4.3.0.1-4.3.0.4 | Oracle Utilities Applications |
| Oracle Utilities Network Management System, versions 1.12.0.3, 2.3.0.0, 2.3.0.1, 2.3.0.2 | Oracle Utilities Applications |
| Oracle VM VirtualBox, versions prior to 5.2.24, prior to 6.0.2 | Virtualization |
| Oracle Web Cache, version 11.1.1.9.0 | Fusion Middleware |
| Oracle WebCenter Portal, versions 11.1.1.9.0, 12.2.1.3.0 | Fusion Middleware |
| Oracle WebCenter Sites, version 11.1.1.8.0 | Fusion Middleware |
| Oracle WebLogic Server, versions 10.3.6.0, 12.1.3.0, 12.2.1.3 | Fusion Middleware |
| OSS Support Tools, versions prior to 19.1 | Support Tools |
| PeopleSoft Enterprise CC Common Application Objects, version 9.2 | PeopleSoft |
| PeopleSoft Enterprise CS Campus Community, versions 9.0, 9.2 | PeopleSoft |
| PeopleSoft Enterprise HCM eProfile Manager Desktop, version 9.2 | PeopleSoft |
| PeopleSoft Enterprise PeopleTools, versions 8.55, 8.56, 8.57 | PeopleSoft |
| PeopleSoft Enterprise SCM eProcurement, version 9.2 | PeopleSoft |
| Primavera P6 Enterprise Project Portfolio Management, versions 8.4, 15.1, 15.2, 16.1, 16.2, 17.7-17.12, 18.8 | Oracle Construction and Engineering Suite |
| Primavera Unifier, versions 16.1, 16.2, 17.1-17.12, 18.8 | Oracle Construction and Engineering Suite |
| Siebel Applications, versions 18.10, 18.11 | Siebel |
| Sun ZFS Storage Appliance Kit (AK), versions prior to 8.8.2 | Systems |
| Tape Library ACSLS, version 8.4 | Systems |

Along with this, Oracle also released a Security Alert advisory for CVE-2018-11776 in Apache Struts 2, a third-party component. The vulnerability can be exploited remotely over the network without authentication, that is, without user credentials.

See also the Solaris Third Party Bulletins, Oracle Linux Bulletins, and Oracle VM Server for x86 Bulletins.

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
