Oracle released one of its biggest security updates, with fixes for 284 security vulnerabilities that affect Oracle products.
A total of 93 different products and versions are affected by vulnerabilities of various levels, and Oracle has released updates for users.
Affected products include Enterprise Manager, Java SE, MySQL, JD Edwards, Oracle Supply Chain Products, Database, E-Business Suite, Retail Applications, Virtualization, Oracle Banking Platform and more.
Oracle said that Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory.
In some earlier instances, attackers exploited vulnerabilities in Oracle products because targeted customers had failed to apply available Oracle patches.
All 284 vulnerabilities are fixed in the released updates, and Oracle strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.
Some of the vulnerabilities can potentially be exploited to let an attacker take complete control of the vulnerable system, so the patches should be applied as soon as possible. Until they are applied, the risk of a successful attack may be reduced by blocking the network protocols required by an attack.
In this case, several vulnerabilities addressed in this Critical Patch Update affect multiple products, and a CVE has been assigned to each vulnerability.
According to Oracle, “Oracle conducts an analysis of each security vulnerability addressed by a Critical Patch Update. Oracle does not disclose detailed information about this security analysis to customers, but the resulting Risk Matrix and associated documentation provide information about the type of vulnerability, the conditions required to exploit it, and the potential impact of a successful exploit.”
Oracle Security Updates List

| Affected Products and Versions | Patch Availability Document |
|---|---|
| Enterprise Manager Base Platform, versions 12.1.0.5, 13.2, 13.3 | Enterprise Manager |
| Enterprise Manager for Virtualization, versions 13.2.2, 13.2.3, 13.3.1 | Enterprise Manager |
| Enterprise Manager Ops Center, versions 12.2.2, 12.3.3 | Enterprise Manager |
| Hyperion BI+, version 11.1.2.4 | Fusion Middleware |
| Java Advanced Management Console, version 2.12 | Java SE |
| JD Edwards EnterpriseOne Tools, version 9.2 | JD Edwards |
| JD Edwards World Security, versions A9.3, A9.3.1, A9.4 | JD Edwards |
| MySQL Connectors, versions 2.1.8 and prior, 8.0.13 and prior | MySQL |
| MySQL Enterprise Monitor, versions 4.0.7 and prior, 8.0.13 and prior | MySQL |
| MySQL Server, versions 5.6.42 and prior, 5.7.24 and prior, 8.0.13 and prior | MySQL |
| MySQL Workbench, versions 8.0.13 and prior | MySQL |
| Oracle Agile Engineering Data Management, versions 6.1.3, 6.2.0, 6.2.1 | Oracle Supply Chain Products |
| Oracle Agile PLM, versions 9.3.3, 9.3.4, 9.3.5, 9.3.6 | Oracle Supply Chain Products |
| Oracle Agile Product Lifecycle Management for Process, versions 6.2.0.0, 6.2.1.0, 6.2.2.0, 6.2.3.0, 6.2.3.1 | Oracle Supply Chain Products |
| Oracle API Gateway, version 11.1.2.4.0 | Fusion Middleware |
| Oracle Application Testing Suite, versions 12.5.0.3, 13.1.0.1, 13.2.0.1, 13.3.0.1 | Enterprise Manager |
| Oracle Argus Safety, versions 8.1, 8.2 | Health Sciences |
| Oracle Banking Platform, versions 2.5.0, 2.6.0, 2.6.1, 2.6.2 | Oracle Banking Platform |
| Oracle Business Process Management Suite, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0 | Fusion Middleware |
| Oracle Communications Billing and Revenue Management, versions 7.5, 12.0 | Oracle Communications Billing and Revenue Management |
| Oracle Communications Converged Application Server, versions prior to 7.0.0.1 | Oracle Communications Converged Application Server |
| Oracle Communications Converged Application Server – Service Controller, version 6.1 | Oracle Communications Converged Application Server – Service Controller |
| Oracle Communications Diameter Signaling Router (DSR), versions prior to 8.3 | Oracle Communications Diameter Signaling Router |
| Oracle Communications Online Mediation Controller, version 6.1 | Oracle Communications Online Mediation Controller |
| Oracle Communications Performance Intelligence Center (PIC) Software, versions prior to 10.2.1 | Oracle Communications Performance Intelligence Center (PIC) Software |
| Oracle Communications Policy Management, versions prior to 12.5 | Oracle Communications Policy Management |
| Oracle Communications Service Broker, version 6.0 | Oracle Communications Service Broker |
| Oracle Communications Services Gatekeeper, versions prior to 6.1.0.4.0 | Oracle Communications Services Gatekeeper |
| Oracle Communications Session Border Controller, versions SCz7.4.0, SCz7.4.1, SCz8.0.0, SCz8.1.0 | Oracle Communications Session Border Controller |
| Oracle Communications Unified Inventory Management, versions prior to 7.4.0 | Oracle Communications Unified Inventory Management |
| Oracle Communications Unified Session Manager, version SCz7.3.5 | Oracle Communications Unified Session Manager |
| Oracle Communications WebRTC Session Controller, versions prior to 7.2 | Oracle Communications WebRTC Session Controller |
| Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c | Database |
| Oracle E-Business Suite, versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | E-Business Suite |
| Oracle Endeca Server, version 7.7.0 | Fusion Middleware |
| Oracle Enterprise Communications Broker, versions PCz2.1, PCz2.2, PCz3.0 | Oracle Enterprise Communications Broker |
| Oracle Enterprise Repository, version 12.1.3.0.0 | Fusion Middleware |
| Oracle Enterprise Session Border Controller, versions ECz7.4.0, ECz7.5.0, ECz8.0.0, ECz8.1.0 | Oracle Enterprise Session Border Controller |
| Oracle Financial Services Analytical Applications Infrastructure, versions 7.3.3, 7.3.5, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7 | Oracle Financial Services Analytical Applications Infrastructure |
| Oracle FLEXCUBE Direct Banking, version 12.0.2 | Oracle Financial Services Applications |
| Oracle FLEXCUBE Investor Servicing, versions 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 | Oracle Financial Services Applications |
| Oracle Fusion Middleware MapViewer, version 12.2.1.3.0 | Fusion Middleware |
| Oracle GoldenGate Application Adapters, version 12.3.2.1.1 | Fusion Middleware |
| Oracle Health Sciences Information Manager, version 3.0 | Health Sciences |
| Oracle Healthcare Foundation, versions 7.1, 7.2 | Health Sciences |
| Oracle Healthcare Master Person Index, versions 3.0, 4.0 | Health Sciences |
| Oracle Hospitality Cruise Fleet Management, version 9.0.10 | Oracle Hospitality Cruise Fleet Management |
| Oracle Hospitality Cruise Shipboard Property Management System, version 8.0.8 | Oracle Hospitality Cruise Shipboard Property Management System |
| Oracle Hospitality Reporting and Analytics, version 9.1.0 | Oracle Hospitality Reporting and Analytics |
| Oracle Hospitality Simphony, version 2.10 | Oracle Hospitality Simphony |
| Oracle HTTP Server, version 12.2.1.3 | Fusion Middleware |
| Oracle Insurance Calculation Engine, version 10.2 | Oracle Insurance Applications |
| Oracle Insurance Insbridge Rating and Underwriting, versions 5.2, 5.4, 5.5 | Oracle Insurance Applications |
| Oracle Insurance Policy Administration J2EE, versions 10.0, 10.2 | Oracle Insurance Applications |
| Oracle Insurance Rules Palette, versions 10.0, 10.2 | Oracle Insurance Applications |
| Oracle Java SE, versions 7u201, 8u192, 11.0.1 | Java SE |
| Oracle Java SE Embedded, version 8u191 | Java SE |
| Oracle Managed File Transfer, versions 12.2.1.3.0, 19.1.0.0.0 | Fusion Middleware |
| Oracle Outside In Technology, versions 8.5.3, 8.5.4 | Fusion Middleware |
| Oracle Reports Developer, version 12.2.1.3 | Fusion Middleware |
| Oracle Retail Back Office, versions 13.3, 13.4, 14.0, 14.1 | Retail Applications |
| Oracle Retail Convenience and Fuel POS Software, version 2.8.1 | Retail Applications |
| Oracle Retail Customer Insights, versions 15.0, 16.0 | Retail Applications |
| Oracle Retail Integration Bus, version 17.0 | Retail Applications |
| Oracle Retail Merchandising System, version 14.1 | Retail Applications |
| Oracle Retail Returns Management, versions 13.3, 13.4, 14.0, 14.1 | Retail Applications |
| Oracle Retail Sales Audit, version 15.0 | Retail Applications |
| Oracle Retail Service Backbone, versions 13.1, 13.2, 14.0, 14.1, 15.0, 16.0 | Retail Applications |
| Oracle Retail Workforce Management Software, versions 1.60.9, 1.64.0 | Retail Applications |
| Oracle Retail Xstore Payment, version 3.3 | Retail Applications |
| Oracle Secure Global Desktop (SGD), version 5.4 | Virtualization |
| Oracle Service Architecture Leveraging Tuxedo, versions 12.1.3.0.0, 12.2.2.0.0 | Fusion Middleware |
| Oracle SOA Suite, versions 12.1.3.0.0, 12.2.1.3.0 | Fusion Middleware |
| Oracle Solaris, versions 10, 11 | Systems |
| Oracle Transportation Management, versions 6.3.7, 6.4.1, 6.4.2, 6.4.3 | Oracle Supply Chain Products |
| Oracle Utilities Framework, version 4.3.0.1-4.3.0.4 | Oracle Utilities Applications |
| Oracle Utilities Network Management System, versions 1.12.0.3, 2.3.0.0, 2.3.0.1, 2.3.0.2 | Oracle Utilities Applications |
| Oracle VM VirtualBox, versions prior to 5.2.24, prior to 6.0.2 | Virtualization |
| Oracle Web Cache, version 11.1.1.9.0 | Fusion Middleware |
| Oracle WebCenter Portal, versions 11.1.1.9.0, 12.2.1.3.0 | Fusion Middleware |
| Oracle WebCenter Sites, version 11.1.1.8.0 | Fusion Middleware |
| Oracle WebLogic Server, versions 10.3.6.0, 12.1.3.0, 12.2.1.3 | Fusion Middleware |
| OSS Support Tools, versions prior to 19.1 | Support Tools |
| PeopleSoft Enterprise CC Common Application Objects, version 9.2 | PeopleSoft |
| PeopleSoft Enterprise CS Campus Community, versions 9.0, 9.2 | PeopleSoft |
| PeopleSoft Enterprise HCM eProfile Manager Desktop, version 9.2 | PeopleSoft |
| PeopleSoft Enterprise PeopleTools, versions 8.55, 8.56, 8.57 | PeopleSoft |
| PeopleSoft Enterprise SCM eProcurement, version 9.2 | PeopleSoft |
| Primavera P6 Enterprise Project Portfolio Management, versions 8.4, 15.1, 15.2, 16.1, 16.2, 17.7-17.12, 18.8 | Oracle Construction and Engineering Suite |
| Primavera Unifier, versions 16.1, 16.2, 17.1-17.12, 18.8 | Oracle Construction and Engineering Suite |
| Siebel Applications, versions 18.10, 18.11 | Siebel |
| Sun ZFS Storage Appliance Kit (AK), versions prior to 8.8.2 | Systems |
| Tape Library ACSLS, version 8.4 | Systems |
Along with this, Oracle also released a Security Alert Advisory for CVE-2018-11776 in Apache Struts 2, a third-party component. The vulnerability allows an attacker to exploit it remotely over the network without authentication, that is, without user credentials.
You can also see the Solaris Third Party Bulletins, Oracle Linux Bulletins, and Oracle VM Server for x86 Bulletins.