Oracle releases first CPU of 2021
How are you affected?
The latest quarterly Oracle Critical Patch Update was released on Tuesday 19th January 2021. It deals with 329 new security exposures across the Oracle portfolio in addition to previous areas of weakness. Our CTO, James Anthony, has reviewed this quarter's CPU and ordered the vulnerabilities below by the level of impact they are likely to have on users.
Read on to see how your organization is affected...
Please note that since the release of the October 2020 Critical Patch Update, Oracle has released a Security Alert for Oracle WebLogic Server: CVE-2020-14750 (November 1, 2020). We strongly advise customers to apply this Critical Patch Update, which includes patches for this Alert as well as additional patches.
Other updates of note:
- E-Business Suite: 31 new vulnerabilities with a maximum CVSS score of 9.8 (Critical)
- Database: 8 new vulnerabilities with a highest score of 8.8
- Middleware: 60 issues resolved – 47 of which are remotely exploitable without authentication!! – Oracle are recommending these are applied without delay to any internet facing systems
- Hyperion – 7 new vulnerabilities with 5 remotely exploitable without authentication and a highest score of 9.8
- Enterprise Manager: 8 vulnerabilities. ALL of which are exploitable remotely without authentication and a highest score of 9.8
- Others: MySQL – 43 new vulnerability fixes, Oracle Virtualization – 17 new fixes, Oracle Systems – 4 fixes (3 of which are remotely exploitable without authentication)
What does the Oracle CPU mean for you?
Digital security should always be high on the agenda but, as organizations continue to respond to Covid-19 with remote working and adapted working practices, it's even more critical to ensure your information is safe.
Our advice is to please keep up to date with your patching to limit the opportunity for a damaging security breach. Users of Oracle Systems, Middleware and Enterprise Manager should particularly ensure they take urgent action.
How can Inoapps help?
If you would like advice about CPUs and patching, please email us today for information – we're here to help.