Oracle Critical Patch Update July 2020

By James Anthony, CTO, Inoapps 

Oracle releases a Critical Patch Update (CPU) four times a year to ensure your Oracle products remain as secure as possible. The latest CPU was released on Tuesday 14th July 2020. It addressed 443 new security exposures across the Oracle product range as well as prior areas of weakness. 

Each time a CPU is released, we evaluate what is included and the key areas you need to be aware of. This quarter we’ve highlighted some important fixes and the impact of these disclosed vulnerabilities for you.

• Oracle E-Business Suite:
  • 30 security updates
  • A maximum reported CVSS Base Score of 9.1, indicating critical vulnerability
• Oracle Supply Chain Products Suite:
  • 22 security updates
  • The maximum reported CVSS Base Score is 9.8, indicating critical vulnerability
• Oracle Fusion Middleware:
  • 52 new security updates
  • 48 of these Fusion Middleware vulnerabilities are remotely exploitable without authentication. This means they could be accessed over a network without requiring user credentials
  • The most severe CVSS Base Score reported for these Fusion Middleware vulnerabilities is 9.8
  • Oracle are recommending these patches are applied “without undue delay”
• Oracle Database:
  • 19 new security updates
  • The highest CVSS Base Score for these database vulnerabilities is 8.8, which is high but not critical
• Oracle Enterprise Manager:
  • 14 new security updates
  • 10 of these Enterprise Manager vulnerabilities are remotely exploitable without authentication
  • The highest reported CVSS Base Score for these vulnerabilities is 9.8, indicating critical vulnerability

Non-Oracle Common Vulnerabilities and Exposures (CVEs) – 3rd party products such as Open Source components used within Oracle products comprise 223 of the 443 security patches, with 90 of these 223 being either high or critical vulnerabilities.

So, what does this mean for you?

Of course, security is always critical, but now more than ever, organisations need to be on top of their patching. Sadly, even in a global pandemic cyber criminals will look to exploit vulnerabilities for profit. And as everyone moves out of lockdown and into recovery mode, the last thing you want to experience is a security breach.

So, as ever, the advice is to please make sure you are up to date with your patching, particularly, in this quarter, if you have Oracle Fusion Middleware.

If you would like any advice about CPUs and patching, do get in touch with your Inoapps Account Manager or email us for information – we’re here to help.