Oracle's Critical Patch Update April 2023
What does it mean for you?
Oracle has released its quarterly Critical Patch Update for April 2023 and it highlights 433 new security patches for various security vulnerabilities.
341 of these are in third-party (typically open-source) components coming as part of the Oracle distribution and therefore common across multiple products. Of these 251 are either high (7-8.9) or critical (9.0-10) for their CVSS (Common Vulnerability Scoring System) score.
We've listed below the products affected, the number of vulnerabilities found in each, and the CVSS score, which determines the overall risk posed by the vulnerability in your environment.
Why should I apply the Critical Patch Update now?
If you're using any of the products in this list, it's important that you address the vulnerabilities in your estate, to maintain the security of your hardware and applications. If you don't apply new Oracle patches, your system could be left vulnerable to cyber-attack or other security threats.
Inoapps' team of technology experts regularly works with customers to ensure their systems remain protected. If, after reading this, you have questions and need support, contact us!
Oracle Middleware49 new vulnerabilities of which 44 can be exploited remotely without authentication and the highest scoring of 9.8 (CRITICAL)
We consider this a priority for customers given the typically web-facing aspect of deployments and that Fusion Middleware underpins many other products
5 new vulnerabilities patched with a highest score of 6.8
- Oracle Essbase
4 new vulnerabilities with the highest scoring 5.9
- Oracle Hyperion
2 new vulnerabilities with the highest scoring 9.8 (CRITICAL)
10 new vulnerabilities with the highest scoring 9.8 (CRITICAL)
- Oracle E-Business Suite
4 new vulnerabilities, the highest scoring 6.5
- Oracle Enterprise Manager
4 new vulnerabilities, the highest scoring 7.5
It's vital you stay on top of Critical Patch Updates as these patch sets are cumulative. This list only includes NEW vulnerabilities patched since the last quarterly update and if you have not applied prior patch sets, you will also need to consider vulnerabilities resolved by these.
Whenever a new Critical Patch Update is released, Inoapps' technology consultants are ready to analyze our clients' systems and give advice on the best way to implement new updates.
Contact us today for help with patching or securing your estate.