Threat Watch

Oracle Updates Patches for 301 Vulnerabilities

Oracle has released critical security fixes for a broad spectrum of vulnerabilities across the different products it provides. The fixes shipped in the Q3 October updates, with 45 of the 301 vulnerabilities scoring 9.8 on the 10-point severity scale and one receiving the maximum score of 10. Surprisingly, this is not the largest patch we have seen from Oracle: in July it addressed 334 vulnerabilities, 55 of which had 9.8 scores. The 45 critical vulnerabilities allowed attackers to exploit them from a remote location with no authentication. What might be most alarming is that someone with no technical ability would be able to pull this off. Affected products include Oracle Database, Oracle Communications, the Oracle Construction and Engineering Suite, the Oracle Enterprise Manager Products Suite, Oracle Fusion Middleware, Oracle Insurance Applications, Oracle JD Edwards, MySQL, Oracle Retail, Oracle Siebel CRM and the Oracle Sun Systems Products Suite. The only vulnerability that received a score of 10 affects the Oracle GoldenGate data replication framework, along with the setups where it can be deployed, such as DB2, MySQL, Sybase, and Teradata. More information will come as it is published throughout the weekend, giving organizations time to update their applications.

ANALYST NOTES