Oracle Critical Patch Update October 2020
Oracle has released their last CPU of 2020. How does it affect you?
By James Anthony, CTO, Inoapps
Oracle releases a Critical Patch Update (CPU) four times annually to ensure the continued security of your Oracle products.
The latest CPU was released on Tuesday 20th October 2020. It deals with 402 new security exposures across the Oracle portfolio in addition to previous areas of weakness. It is important to note that Oracle no longer including details on non-exploitable vulnerabilities in their reported totals so the number of potential fixes will be higher.
When a CPU is released, we examine what is included and the key areas to make you aware of. In this release, 58% of the fixes (234) are for common 3rd party (often open source) components and therefore impact multiple products (e.g. Apache HTTP Server is used across multiple Oracle products). I’ve ordered the vulnerabilities below by the level of impact they are likely to have on users:
- Oracle Systems:
- 9 new vulnerabilities
- 3 exploitable remotely without authentication and with a maximum criticality of 10!
- Oracle Middleware:
- 46 patches
- 36 of which are exploitable remotely without authentication and the highest of which has a CVSS score of 9.8.
- Once again, I urge customers with client facing Oracle products to ensure they apply these patches
- Oracle Enterprise Manager:
- 11 new fixes
- 10 of these are exploitable remotely without authentication
- Oracle E-Business Suite:
- 27 new updates with a highest score of 9.8
- Oracle Supply Chain:
- 4 updates with a highest score of 9.8
- 30 updates (including 7 for database client installs), with the highest having a CVSS score of 8.8
- Oracle Hyperion:
- 9 new security updates
- 8 new vulnerabilities (all exploitable remotely, but with a maximum score of 5.3)
- Oracle Virtualisation:
- 7 new security fixes
So, what does this mean for you?
Digital security should always be high on the agenda. But, as many organisations continue to respond to Covid-19 with remote working and adapted working practices, its more critical than ever to ensure your organisations information is safe.
So, my advice is to please make sure you are up to date with your patching to limit the opportunity for a damaging security breach. Users of Oracle Systems, Middleware and Enterprise Manager should particularly ensure they take urgent action.
If you would like any advice about CPUs and patching, do get in touch with your Inoapps Account Manager or email us for information – we’re here to help.