Oracle Critical Patch Update April 2020

15 April 2020

Oracle has released their latest CPU. Here’s what you need to know.

By James Anthony, CTO, Inoapps 

Now that the vast majority of people are working remotely and accessing their organization’s systems online, patching is more critical than ever for security.

Oracle releases a quarterly Critical Patch Update (CPU) to ensure your Oracle products are as secure as possible. The latest CPU was released on Tuesday 14th April 2020. It addressed 397 new security vulnerabilities across the Oracle product range as well as prior weaknesses. Additionally, 157 of the fixes come from the Open Source products used within multiple Oracle products.  

Our evaluation of the CPU has identified some important fixes and we want to let you know about the impact of these disclosed vulnerabilities for you.  

NB: Scores of over 9 on the Common Vulnerability Scoring System (CVSS) v3 standard are considered ‘critical’. Scores between 7 and 8.9 are considered ‘high’.

  • 7 Enterprise Manager vulnerabilities, 5 of which are exploitable remotely and without requiring authentication, the highest of which scores 9.8. 
  • 74 new Oracle E-Business Suite vulnerabilities, with a score of up to 8.6. 
  • 8 Oracle Database vulnerabilities, the highest of which scores 8.0. 
  • 51 Fusion Middleware vulnerabilities, with 44 of these (over 80%) remotely exploitable without authentication. Again, the highest scores 9.8.
  • 4 new Supply Chain Product Suite vulnerabilities with a ‘critical’ score of 9.8. 
  • 14 new PeopleSoft vulnerabilities, with scores of up to 8.6.
  • 3 Hyperion vulnerabilities. 
  • 9 Oracle Systems (hardware) vulnerabilities, 2 of which can be exploited remotely without authentication, scoring 9.8.
  • 19 Virtualization vulnerabilities.  
  • 45 new MySQL vulnerabilities. 

So, what does this mean for you? 

Worryingly, a significant proportion of these vulnerabilities can be exploited remotely without authentication. This means they could be exploited over a network without requiring user credentials. Lockdown has meant most organizations have been forced to make their systems available via the internet. Consequently, the exposure to the ‘bad guys’ out there has never been greater, especially as cyber criminals try to take particular advantage of the coronavirus pandemic for their own material gains.

Of course, security has always been an important focus for organizations. It protects reputations, confidence, data and ultimately your entire team and organization. Now, it’s more important than it has ever been.

So, please make sure you are up to date with your patching.  

If you would like any advice about CPUs, particularly in relation to your security during lockdown, do get in touch with your Inoapps Account Manager or email us for information – we’re here to help. 
