On October 18, Oracle released an advisory listing the patches made available for vulnerabilities, along with the products that would have been impacted. A total of 179 Common Vulnerabilities and Exposures (CVEs) were addressed in the company’s fourth quarterly update, and 370 patches were released against the vulnerabilities.
A breakdown of the patches
The company's final update addressed vulnerabilities that impacted 27 Oracle product families. Seven patches were low severity (1.9%), 163 were medium severity (44.1%), 144 were high severity (38.9%), and 56 were critical severity (15.1%).
The highest number of patches was in the Oracle Communications product family: 74 patches, amounting to 20%. Security patches for five products, i.e., Oracle Airlines Data Model, Oracle Big Data Graph, Oracle NoSQL Database, and Oracle TimesTen In-Memory Database, were unavailable.
Some of the Oracle product families with vulnerabilities that could have been exploited over a network without authentication were:
- Oracle Communications with 74 patches
- Oracle Fusion Middleware with 56 patches
- Oracle MySQL with 37 patches
- Oracle Communications Applications and Oracle Retail Applications with 27 patches each
- Oracle Financial Services Applications with 24 patches
Among all the product families, the Oracle patch update stated that Oracle Communications had the most vulnerabilities that could be exploited remotely without authentication, with 64, followed by Oracle Fusion Middleware with 43. Oracle MySQL was third in line with 11.
Users urged to update
The American multinational computer technology corporation urged its users to apply the critical security patch updates as soon as possible, since leaving them unapplied may open the software to exploitation.
As per the company, future Oracle patch updates for the year 2023 will be made available as follows:
- January 17
- April 18
- July 18
- October 17
A comparison between 2021 and 2022 patches
In the first two quarters, 459 patches were released in 2021 and 487 patches in 2022. The company saw 231 patches each in quarters 3 and 4 in 2021, while in Q3 and Q4 of 2022, 188 and 179 patches were published, respectively. This shows that, in both 2021 and 2022, patch requirements were higher in the first two quarters of the year than in the last two.