Oracle released an advisory on October 18 with patches for vulnerabilities, along with a list of affected products. A total of 179 Common Vulnerabilities and Exposures (CVEs) were addressed in the company's fourth quarterly update, and 370 patches were released against the vulnerabilities.
The company released the final update and addressed vulnerabilities that impacted 27 Oracle product families. By severity, seven patches were rated low (1.9%), 163 medium (44.1%), 144 high (38.9%), and 56 critical (15.1%).
The Oracle Communications product family received the highest number of patches: 74, amounting to 20%. Security patches for five products, i.e., Oracle Airlines Data Model, Oracle Big Data Graph, Oracle NoSQL Database, and Oracle TimesTen In-Memory Database, were unavailable.
Some of the Oracle product families that could have been exploited over a network without authentication were:
Among all the product families, the Oracle patch update stated that Oracle Communications had the most vulnerabilities remotely exploitable without authentication, with 64, followed by Oracle Fusion Middleware with 43. Oracle MySQL was third in line with 11.
The American multinational computer technology corporation urged its users to apply the critical security patch updates as soon as possible, as leaving them unapplied may open the software to exploitation.
As per the company, future Oracle patch updates for the year 2023 will be made available as follows:
A comparison between 2021 and 2022 patches
In the first two quarters, 459 patches were released in 2021 and 487 patches in 2022. The company saw 231 patches each in quarters 3 and 4 in 2021, while in Q3 and Q4 of 2022, 188 and 179 patches were published, respectively. In both 2021 and 2022, then, patch requirements were higher in the first two quarters than in the last two.