Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Oracle Delivers 390 Security Fixes With April 2021 CPU

Oracle this week announced the release of 390 new security fixes as part of the April 2021 Critical Patch Update (CPU), including patches for more than 200 bugs that could be exploited remotely without authentication.

Oracle this week announced the release of 390 new security fixes as part of the April 2021 Critical Patch Update (CPU), including patches for more than 200 bugs that could be exploited remotely without authentication.

The quarterly set of security patches addresses a total of 41 vulnerabilities considered critical severity, including 5 that feature a CVSS score of 10.

The most severe of these vulnerabilities could be exploited to execute code remotely within the context of the vulnerable applications, potentially resulting in full system compromise.

Oracle’s E-Business Suite received patches for the largest number of security holes, namely 70. Of these, 22 could be exploited remotely by unauthenticated attackers, Oracle reveals.

MySQL was also highly impacted, with patches for 49 vulnerabilities, 10 of which could be exploited remotely without authentication. Fusion Middleware and Retail Applications also received fixes for a large number of security issues, namely 45 (36 remotely exploitable without authentication) and 33 (31 exploitable by remote, unauthenticated attackers), respectively.

Only 5 of the 24 flaws patched in Oracle Virtualization could be exploited by remote attackers without authentication, but two of them carry a CVSS score of 10 (CVE-2021-2177 and CVE-2021-2248).

Three other bugs featuring the highest CVSS score possible were addressed in ZFS Storage Appliance Kit (CVE-2020-1472), Cloud Infrastructure Storage Gateway (CVE-2021-2317) and Storage Cloud Software Appliance (CVE-2021-2256).

Other Oracle products that received patches in this CPU include Communications, PeopleSoft, Financial Services Applications, JD Edwards, Database, Communications Applications, Construction and Engineering, Enterprise Manager, and Siebel CRM.

Advertisement. Scroll to continue reading.

Organizations are advised to review Oracle’s quarterly patches and apply the necessary software updates as soon as possible, to ensure they remain protected from potential attacks. Oracle says it periodically receives reports of attacks targeting old vulnerabilities for which patches are already available.

Applying the principle of least privilege, educating users on phishing and the threat posed by links and attachments in emails, keeping systems updated at all times, and running software as non-privileged users should help mitigate cyber-attacks.

Related: Oracle’s January 2021 CPU Contains 329 New Security Patches

Related: Recent Oracle WebLogic Vulnerability Exploited to Deliver DarkIRC Malware

Related: Oracle’s October 2020 CPU Contains 402 New Security Patches

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.