New Oracle CPU Calls Out 389 Vulnerabilities
How Are You Affected?
The latest quarterly Oracle Critical Patch Update was released on Tuesday, April 20, 2021. It addresses 389 new vulnerabilities (211 are non-Oracle, Open Source, components bundled with multiple products) in addition to previous areas of weakness. Inoapps Chief Technology Officer, James Anthony, has reviewed this quarter's CPU and ordered the vulnerabilities by the level of impact they are likely to have on users.
The following list will give you an indication of how your organisation might be affected by the update:
- E-Business Suite - 70 new vulnerabilities, with a maximum CVSS score of 9.1 (CRITICAL).
- Database - 10 new vulnerabilities (1 of which is client only installs), but fortunately the highest only scores 7.5.
- Fusion Middleware - 45 new vulnerabilities, 36 of which are remotely exploitable without authentication, and the highest of which scores 9.8 (CRITICAL) on the CVSS rating. Oracle is strongly recommending immediate application of this patch.
- Hyperion - 2 new vulnerabilities, 1 of which scores 9.6 (CRITICAL).
- Oracle Enterprise Manager - 8 new vulnerabilities, 7 of which can be exploited remotely without authentication, and the highest of which scores 9.8 (CRITICAL) on the CVSS rating. Oracle are strongly recommending immediate patch application.
What does this mean for you?
Digital security should always be high on the agenda, but as organisations continue to respond to COVID-19 with remote working and adapted working practices, it's even more critical to ensure your information is safe. We therefore advise that you keep up to date with patching to limit the opportunity for a damaging security breach.
How can Inoapps Help?
Inoapps is exclusively Oracle and our global Technology Team has a wealth of experience across the Oracle technology stack. If you have questions about this CPU or patching in general please contact us today.